Column-Level Encryption
Column-Level Encryption
Enterprise-grade security for sensitive data with granular column-level encryption.
Overview
HeliosDB’s Column-Level Encryption provides:
- Selective encryption of PII, financial, and sensitive data
- GDPR/HIPAA/PCI-DSS compliance support
- Transparent encryption/decryption (zero code changes)
- Multiple encryption algorithms (AES-256-GCM, ChaCha20-Poly1305)
- Format-Preserving Encryption (FPE)
Quick Start
-- Enable encryption on a columnALTER TABLE customers ALTER COLUMN ssn SET ENCRYPTION ALGORITHM 'AES-256-GCM';
-- Insert data (automatically encrypted)INSERT INTO customers (name, ssn) VALUES ('John Doe', '123-45-6789');
-- Query data (automatically decrypted)SELECT name, ssn FROM customers WHERE id = 1;Key Features
| Feature | Description |
|---|---|
| AES-256-GCM | Default, hardware-accelerated, FIPS 140-2 compliant |
| ChaCha20-Poly1305 | Software-optimized for non-AES-NI platforms |
| Format-Preserving | Maintains data format (SSN, CC, phone, email) |
| Key Rotation | Zero-downtime rotation without re-encryption |
| KMS Integration | AWS KMS, Azure Key Vault, GCP Cloud KMS |
Performance
- Less than 5% overhead vs. unencrypted operations
- Multi-level caching (L1 memory, L2 with TTL, key cache)
- Batch processing for parallel encryption
- Hardware AES-NI acceleration
Documentation
| Document | Description |
|---|---|
| COLUMN_LEVEL_ENCRYPTION.md | Complete implementation guide |
| COLUMN_ENCRYPTION_QUICK_START.md | Getting started guide |
Related
- Security Quick Start:
/docs/quick-starts/features/SECURITY_QUICK_START.md - Security Hardening:
/docs/guides/user/SECURITY_HARDENING_V7.md
Status: Production Ready Version: v7.0