Agent Data Encryption at Rest: Implementing Envelope Encryption
How Anima implements envelope encryption using KEKs and per-org DEKs with AES-256-GCM field-level security.
Security for AI agents requires more than just standard database encryption. When agents handle sensitive credentials, financial data, and personal communications, the infrastructure must provide cryptographic isolation between different organizations. Anima achieves this through a robust envelope encryption architecture.
The Hierarchy: KEK and DEK#
Envelope encryption uses a hierarchy of keys to protect data. At the top level sits the Key Encryption Key (KEK), which is managed in a secure Hardware Security Module (HSM) or cloud KMS. Below the KEK, Anima generates a unique Data Encryption Key (DEK) for every organization.
The KEK never encrypts application data directly. It only wraps (encrypts) each organization's DEK, so the database holds nothing but ciphertext and wrapped DEKs. An attacker who exfiltrates a record, or the whole database, still cannot decrypt anything: the plaintext DEK exists only transiently inside the Vault, and recovering it requires an unwrap operation against the HSM or KMS that holds the KEK, which is where access can be controlled and audited.
AES-256-GCM Field-Level Encryption#
Anima performs encryption at the field level, not just the volume level. Sensitive fields like API keys, secrets, and message bodies are encrypted using AES-256-GCM. This authenticated encryption mode ensures both confidentiality and integrity, preventing unauthorized tampering with the ciphertext.
When an agent stores a secret via the SDK, the following process occurs:
- The SDK sends the plaintext to the Anima Vault.
- The Vault retrieves the organization's encrypted DEK.
- The KEK decrypts the DEK.
- The DEK encrypts the plaintext using AES-256-GCM with a fresh nonce. A nonce must never be reused under the same key; doing so breaks both the confidentiality and the integrity guarantees of GCM.
- The nonce, ciphertext, and GCM authentication tag are stored in the database.
Ciphertext Format#
Encrypted fields in Anima follow a specific format to allow for versioning and easy identification within the application layer. Every encrypted string starts with the enc:v1: prefix, followed by the base64-encoded payload. Because GCM decryption needs the nonce and the authentication tag as well as the ciphertext, all three are carried inside that payload. The version component lets the application layer distinguish encrypted values from plaintext and migrate to a new format without guessing how an existing value was produced.
```typescript
import { Anima } from '@anima/sdk';

const client = new Anima({ apiKey: process.env.ANIMA_KEY });

// Storing a sensitive credential in the vault. The SDK sends the plaintext
// to the Vault, which encrypts it under the organization's DEK.
await client.vault.set('stripe_secret', 'sk_live_51P...');

// The value persisted in the database carries the version prefix followed
// by the base64 payload (illustrative placeholder, not real ciphertext):
// enc:v1:YmFzZTY0LWVuY29kZWQtY2lwaGVydGV4dC13aXRoLWF1dGgtdGFn
```

Security Benefits of Per-Org Isolation#
By using per-organization DEKs, Anima provides cryptographic multi-tenancy. If an organization deletes its data, we can securely shred its DEK: without the DEK, the encrypted fields are computationally infeasible to recover, even if the KEK remains intact. Key rotation follows the same hierarchy. Rotating the KEK only requires re-wrapping each organization's DEK, while rotating an organization's DEK requires re-encrypting that organization's fields under the new key.
This approach minimizes the blast radius of any potential security incident. It also simplifies compliance audits, as we can demonstrate clear isolation between different customers' sensitive agent data.
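The five-step process under AES-256-GCM Field-Level Encryption, the enc:v1: ciphertext format, and the crypto-shredding described in this section, shown end to end as an added example. This is not Anima's code or SDK: it stands in for the KMS with an in-memory KEK, and it adds one detail the page does not specify, namely that the organization ID and field name are passed as GCM additional authenticated data, so a ciphertext copied into another organization's row or another field fails to decrypt. The nonce||ciphertext||tag layout inside the base64 payload, the 96-bit nonce, and the sample values are likewise assumptions.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';

// Constructed stand-in for the HSM/KMS that holds the KEK. In production the
// KEK never leaves the KMS; wrapping and unwrapping are remote calls.
const KEK = randomBytes(32);

// Per-organization DEKs, stored only in KEK-wrapped form (what the DB would hold).
const wrappedDeks = new Map<string, Buffer>();

const PREFIX = 'enc:v1:';
const NONCE_LEN = 12; // 96-bit GCM nonce (assumed size)
const TAG_LEN = 16;   // 128-bit GCM authentication tag

// AES-256-GCM seal: returns nonce || ciphertext || tag.
function seal(key: Buffer, plaintext: Buffer, aad: Buffer): Buffer {
  const nonce = randomBytes(NONCE_LEN); // fresh per call; reuse under one key breaks GCM
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]);
}

// AES-256-GCM open: throws if the tag does not verify (tampering, wrong key, wrong AAD).
function open(key: Buffer, blob: Buffer, aad: Buffer): Buffer {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('ciphertext too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const ct = blob.subarray(NONCE_LEN, blob.length - TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Provisioning: generate a DEK for the org and store it wrapped under the KEK.
function provisionOrg(orgId: string): void {
  const dek = randomBytes(32);
  wrappedDeks.set(orgId, seal(KEK, dek, Buffer.from(`dek:${orgId}`)));
}

// Unwrap the org's DEK (the KMS Decrypt call in a real deployment).
function unwrapDek(orgId: string): Buffer {
  const wrapped = wrappedDeks.get(orgId);
  if (!wrapped) throw new Error(`no DEK for org ${orgId}`);
  return open(KEK, wrapped, Buffer.from(`dek:${orgId}`));
}

// Field-level encrypt. AAD = org:field binds the ciphertext to its location
// (an assumption added here, not something the page specifies).
function encryptField(orgId: string, field: string, plaintext: string): string {
  const dek = unwrapDek(orgId);
  const blob = seal(dek, Buffer.from(plaintext, 'utf8'), Buffer.from(`${orgId}:${field}`));
  return PREFIX + blob.toString('base64');
}

function decryptField(orgId: string, field: string, stored: string): string {
  if (!stored.startsWith(PREFIX)) throw new Error('unrecognized ciphertext format');
  const blob = Buffer.from(stored.slice(PREFIX.length), 'base64');
  const dek = unwrapDek(orgId);
  return open(dek, blob, Buffer.from(`${orgId}:${field}`)).toString('utf8');
}

// Crypto-shredding: deleting the wrapped DEK makes every field of that org unrecoverable.
function shredOrg(orgId: string): void {
  wrappedDeks.delete(orgId);
}

// Convenience check used by the demo: does decryption fail for this input?
function decryptFails(orgId: string, field: string, stored: string): boolean {
  try { decryptField(orgId, field, stored); return false; } catch { return true; }
}

// Demo with constructed org IDs and a placeholder secret.
provisionOrg('org_a');
provisionOrg('org_b');
const stored = encryptField('org_a', 'stripe_secret', 'sk_test_placeholder');
console.log(stored.startsWith(PREFIX), decryptField('org_a', 'stripe_secret', stored));
console.log('other org fails:', decryptFails('org_b', 'stripe_secret', stored));
shredOrg('org_a');
console.log('after shredding fails:', decryptFails('org_a', 'stripe_secret', stored));
```

The same seal/open pair is used twice: once with the KEK to wrap the DEK, once with the DEK to encrypt the field. In a real deployment the first use is a KMS or HSM call, the plaintext DEK should be held in memory only for the duration of the operation, and the AAD binding is what stops a database-level attacker from moving ciphertext between rows even without any key material.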
Implementation with the SDK#
The Anima SDK abstracts the complexity of this encryption layer. Developers interact with plaintext values, while the infrastructure handles the cryptographic heavy lifting in the background.
```typescript
// Retrieving and using an encrypted secret
const secret = await client.vault.get('stripe_secret');

// The SDK handles decryption transparently. Only the key-type prefix is
// logged here; never log the full secret.
console.log(`Using secret: ${secret.substring(0, 7)}...`);
```

Security is a foundational requirement for the next generation of autonomous agents. By implementing envelope encryption at rest, Anima ensures that agent identities and their associated data remain protected against sophisticated threats.