- Encrypted storage: Credentials are encrypted at rest in the database. Axiom uses strong, industry-standard encryption methods and follows best practices.
- Per-entry encryption: Each credential is encrypted individually with its own unique key. This limits the potential impact if any single key is compromised.
- Secure transit: Credentials are encrypted in transit between your browser/client and the Axiom API using TLS 1.2 or 1.3.
- Internal encryption: Credentials remain encrypted within Axiom’s internal network.
- Memory handling: When credentials are briefly held in memory (for example, when delivering payloads), Axiom relies on cloud infrastructure security guarantees and proper memory management techniques, including garbage collection.
- Contextual encryption: Different uses of the same credentials use different encryption contexts. This adds an extra layer of protection.
- Role-based access: Axiom uses role-based access control for key management without keeping any master keys that can decrypt customer data.
Flow
Data security in Flow
This page explains the measures Axiom takes to protect sensitive data in Flow.
When you use flows, Axiom takes the following measures to protect sensitive data such as private keys: