ec620a7765
* implement mdx remote * fix an unfenced code block * fix partials path Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
35 lines
1.6 KiB
Plaintext
35 lines
1.6 KiB
Plaintext
---
|
|
layout: guides
|
|
page_title: Encryption as a Service - Guides
|
|
sidebar_title: Encryption as a Service
|
|
description: |-
|
|
The transit secrets engine handles cryptographic functions on data in-transit.
|
|
Vault doesn't store the data sent to the secrets engine. It can also be viewed
|
|
as "cryptography as a service" or "encryption as a service".
|
|
---
|
|
|
|
# Encryption as a Service
|
|
|
|
Vault provides Encryption as a Service (EaaS) to enable security teams to
|
|
fortify data during transit and at rest. So even if an intrusion occurs, your
|
|
data is encrypted and the attacker would never get a hold of the raw data.
|
|
|
|
This guide walks you through Encryption as a Service topics.
|
|
|
|
- [Encryption as a Service](/guides/encryption/transit) guide walks you
|
|
through the usage of the `transit` secrets engine in Vault.
|
|
Read this guide first before proceeding to the [Transit Secrets
|
|
Re-wrapping](/guides/encryption/transit-rewrap) guide or [Java Application
|
|
Demo](/guides/encryption/spring-demo) guide.
|
|
|
|
- [Java Application Demo](/guides/encryption/spring-demo) guide walks
|
|
through a sample application which relies on Vault to generate database
|
|
credentials as well as encrypting sensitive data. This guide is for anyone who
|
|
wishes to reproduce the demo introduced in
|
|
the [Manage secrets, access, and encryption in the public cloud with Vault](https://www.hashicorp.com/resources/solutions-engineering-webinar-series-episode-2-vault)
|
|
webinar.
|
|
|
|
- [Transit Secrets Re-wrapping](/guides/encryption/transit-rewrap) guide
|
|
demonstrates one possible way to re-wrap data after rotating an encryption key
|
|
in the transit engine in Vault.
|