Column-Level Encryption¶
Enterprise-grade security for sensitive data with granular column-level encryption.
Overview¶
HeliosDB's Column-Level Encryption provides: - Selective encryption of PII, financial, and sensitive data - GDPR/HIPAA/PCI-DSS compliance support - Transparent encryption/decryption (zero code changes) - Multiple encryption algorithms (AES-256-GCM, ChaCha20-Poly1305) - Format-Preserving Encryption (FPE)
Quick Start¶
-- Enable encryption on a column
ALTER TABLE customers
ALTER COLUMN ssn SET ENCRYPTION ALGORITHM 'AES-256-GCM';
-- Insert data (automatically encrypted)
INSERT INTO customers (name, ssn) VALUES ('John Doe', '123-45-6789');
-- Query data (automatically decrypted)
SELECT name, ssn FROM customers WHERE id = 1;
Key Features¶
| Feature | Description |
|---|---|
| AES-256-GCM | Default, hardware-accelerated, FIPS 140-2 compliant |
| ChaCha20-Poly1305 | Software-optimized for non-AES-NI platforms |
| Format-Preserving | Maintains data format (SSN, CC, phone, email) |
| Key Rotation | Zero-downtime rotation without re-encryption |
| KMS Integration | AWS KMS, Azure Key Vault, GCP Cloud KMS |
Performance¶
- Less than 5% overhead vs. unencrypted operations
- Multi-level caching (L1 memory, L2 with TTL, key cache)
- Batch processing for parallel encryption
- Hardware AES-NI acceleration
Documentation¶
| Document | Description |
|---|---|
| COLUMN_LEVEL_ENCRYPTION.md | Complete implementation guide |
| COLUMN_ENCRYPTION_QUICK_START.md | Getting started guide |
Related¶
- Security Quick Start:
/docs/quick-starts/features/SECURITY_QUICK_START.md - Security Hardening:
/docs/guides/user/SECURITY_HARDENING_V7.md
Status: Production Ready Version: v7.0