Understanding Vaults

What is a vault?

A vault is a decentralised data store. Historically, most data has been stored in a centralised fashion: you interact with one central location to access all of the data, for example a single database holding all of your customers' credit card details. Decentralisation distributes this sensitive data across many locations, deployed as a fragmented and encrypted data store in which all fragments must be physically brought together and decrypted before the data can be used. For the credit card example, one fragment might be stored on the end-user's device and another on the merchant's server. The cost of stealing the data is therefore greatly increased: every fragment must be located and stolen before the challenge of decryption can even begin, so compromising a single location yields nothing usable on its own.
Haventec offers both Offline and Online Vault APIs so that you can decentralise your sensitive data with minimal effort.
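The fragment-and-encrypt idea described above, shown as an added illustration that is not Haventec's own scheme (this page does not say how Sanctum actually fragments data): the record is encrypted under a fresh AES-256-GCM key and that key is split into two XOR shares, one per storage location (say, the end-user's device and the merchant's server). Each share alone is uniformly random, and a missing or altered share makes decryption fail authentication rather than leak partial plaintext. The sample record is constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const keyLen = 32 // AES-256

// Split encrypts record under a fresh AES-256-GCM key and then splits that key
// into two XOR shares (2-of-2 secret sharing). It returns the nonce-prefixed
// ciphertext and the two key shares. Each share on its own is uniformly
// random, so a party holding only one share learns nothing about the key.
func Split(record []byte) (ciphertext, shareA, shareB []byte, err error) {
	key := make([]byte, keyLen)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, nil, err
	}
	ciphertext = gcm.Seal(nonce, nonce, record, nil) // nonce || ct || tag

	shareA = make([]byte, keyLen)
	if _, err = rand.Read(shareA); err != nil {
		return nil, nil, nil, err
	}
	shareB = make([]byte, keyLen)
	for i := range key {
		shareB[i] = key[i] ^ shareA[i] // shareA XOR shareB == key
	}
	return ciphertext, shareA, shareB, nil
}

// Reassemble recombines the two shares into the key and decrypts. A missing or
// corrupted share yields a different key, and AES-GCM then fails authentication
// instead of returning garbage plaintext.
func Reassemble(ciphertext, shareA, shareB []byte) ([]byte, error) {
	if len(shareA) != keyLen || len(shareB) != keyLen {
		return nil, errors.New("both 32-byte key shares are required")
	}
	key := make([]byte, keyLen)
	for i := range key {
		key[i] = shareA[i] ^ shareB[i]
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(ciphertext) < ns+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:ns], ciphertext[ns:], nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed sample record for the example; not real card data.
	record := []byte(`{"pan":"4111111111111111","exp":"12/29"}`)
	ct, deviceShare, merchantShare, err := Split(record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext: %x\ndevice share: %x\nmerchant share: %x\n", ct, deviceShare, merchantShare)

	// Only when both locations contribute their share can the record be read.
	if _, err := Reassemble(ct, deviceShare, nil); err != nil {
		fmt.Println("device share alone:", err)
	}
	plain, err := Reassemble(ct, deviceShare, merchantShare)
	if err != nil {
		panic(err)
	}
	fmt.Println("both shares:", string(plain))
}
```

The ciphertext itself can sit with either party (or a third location) because it is useless without both shares; what matters is that the shares never rest in the same place.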

What is an offline vault?

An offline vault holds Sanctum-secured data that does not require any interaction from the end-user, for example a merchant charging a customer's stored credit card for recurring payments. Use an offline vault when the data must be available at all times to an external application connected to Sanctum, without the end-user being present.

What is an online vault?

An online vault holds Sanctum-secured data that is typically used in real-time interactions and is stored on the end-user's device, for example a customer's credit card details used to purchase goods and services. Use an online vault when the data is accessed while the end-user is interacting in real time, with Sanctum securely overseeing the transactions. Those transactions may be made directly with Sanctum or indirectly via third-party Sanctum-enabled applications. The end-user is involved in every operation on an online vault.
For additional protection, an online vault can be configured with a PIN that is then required for all subsequent interactions with the vault.

What is a credit card vault?

A credit card vault holds Sanctum-secured data in a form designed specifically for credit cards; this vault type supports PCI compliance requirements.

What is a generic vault?

A generic vault holds Sanctum-secured data for all other use cases and supports a vault size of up to 1MB. Note that the limit is measured on the total size of the POST request, not just the stored payload, so the encoded data plus any request overhead must fit within it.

Can vaults be secured with a JWT?

Yes. When creating a Sanctum application, enable the JWT validation option. ES384 (ECDSA using the P-384 curve and SHA-384) is currently the supported JWT algorithm. You may also configure a set of case-sensitive claims to match against: a request is allowed when it presents a JWT that validates and carries one of the configured claims. Refer to the example for setting up an application with JWT-secured vaults.
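A model of the JWT check described above, added here as an example and not Haventec's or Sanctum's own code: it mints and verifies an ES384 token with Go's standard library, pins the algorithm to ES384 (the token is never allowed to choose), verifies the signature before looking at any claim, and then requires a case-sensitive match against a configured claim set. The claim name "aud", its value and the subject are assumptions for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// ES384 = ECDSA over P-384 with SHA-384. The JWS signature is R || S, each
// left-padded to the 48-byte P-384 scalar size (RFC 7518 section 3.4), not DER.
const scalarLen = 48

var b64 = base64.RawURLEncoding

// NewES384Key generates a P-384 key pair; only the public half is needed to verify.
func NewES384Key() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
}

// SignES384 produces a compact JWT over claims using ES384.
func SignES384(priv *ecdsa.PrivateKey, claims map[string]interface{}) (string, error) {
	if priv.Curve != elliptic.P384() {
		return "", errors.New("ES384 requires a P-384 key")
	}
	header, _ := json.Marshal(map[string]string{"alg": "ES384", "typ": "JWT"})
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha512.Sum384([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 2*scalarLen)
	r.FillBytes(sig[:scalarLen])
	s.FillBytes(sig[scalarLen:])
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyES384 accepts token only if the header says ES384, the signature
// verifies under pub, and at least one configured claim is present with an
// exactly equal (case-sensitive) string value. It returns the verified claims.
func VerifyES384(pub *ecdsa.PublicKey, token string, configured map[string]string) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	// Pin the algorithm: a token naming "none" or an HMAC alg is rejected here.
	var header struct {
		Alg string `json:"alg"`
	}
	if hb, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &header) != nil || header.Alg != "ES384" {
		return nil, errors.New("header must be a valid JWS header with alg ES384")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 2*scalarLen {
		return nil, errors.New("bad signature encoding")
	}
	digest := sha512.Sum384([]byte(parts[0] + "." + parts[1]))
	r := new(big.Int).SetBytes(sig[:scalarLen])
	s := new(big.Int).SetBytes(sig[scalarLen:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature invalid")
	}
	var claims map[string]interface{}
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &claims) != nil {
		return nil, errors.New("payload is not a JSON object")
	}
	// Claim matching happens only after the signature is known to be good.
	for name, want := range configured {
		if got, ok := claims[name].(string); ok && got == want {
			return claims, nil
		}
	}
	return nil, errors.New("no configured claim matched")
}

func main() {
	priv, err := NewES384Key()
	if err != nil {
		panic(err)
	}
	// "aud" and its value are assumed for illustration; configure your own claims.
	configured := map[string]string{"aud": "sanctum-vault"}
	token, _ := SignES384(priv, map[string]interface{}{"sub": "customer-42", "aud": "sanctum-vault"})
	_, err = VerifyES384(&priv.PublicKey, token, configured)
	fmt.Println(token, "\nverified:", err == nil)
}
```

Two points worth carrying into any real integration: the verifier must fix the algorithm from its own configuration rather than trusting the token's alg header, and claim matching only means something once the signature has been checked under the key the application registered.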