index_key
, is a 256-bit symmetric cryptographic key—the same you would find when using AES-256 encryption. CyborgDB’s cryptography is based entirely on well-established cryptographic standards, including AES, HMAC, and SHA-3 (Keccak).
Without the correct index_key
, it is impossible to use a CyborgDB Encrypted Index. You cannot upsert vectors, query the index, or even delete it. Hence, it is critical to manage these encryption keys safely.
Generate a Key with OpenSSL
index_key.txt
. Ensure that this file is kept secure and not included in your source control.Use the Key in Python
Generate a Data Key Using AWS KMS
<Your-Key-Id>
with your KMS Key ID or ARN.Plaintext
and CiphertextBlob
are Base64-encoded binary data.Option B: PythonStore the Encrypted Key
Use the Encrypted Key in Your Application at Runtime
encrypted_key_b64
) is safe to store in configuration files since it’s encrypted.kms_client.decrypt
method securely retrieves the plaintext key at runtime.Ensure IAM Permissions
kms:Decrypt
action. Attach a policy to your IAM role or user: