Curiosity for Developers
  • Overview
  • Getting Started
    • Introduction
    • System Overview
      • Workspace
      • Connectors
      • Front End
    • Requirements
    • Installation
      • Deploying on Windows
        • Download Curiosity Workspace for Windows
      • Deploying on Docker
        • Deploying using Docker Desktop App
        • Docker Hub
      • Deploying on Kubernetes
      • Deploying on OpenShift
      • Configuration
    • Configure your Workspace
    • Connecting to a Workspace
      • Download App
    • Built-in Templates
  • Security
    • Introduction
    • Hosting
    • Encryption
    • Users and Access
      • User Invitations
      • Single Sign-On (SSO)
        • Google Sign-In
        • Microsoft / Azure AD
        • Okta
        • Auth0
    • Permissions Management
    • Auditing
    • Teams management
    • Configuring Backup
      • Restoring a backup
    • Activate a workspace license
  • Data Sources
    • Introduction
    • User Apps
    • Workspace Integrations
    • API Integrations
      • Introduction
      • Data Modeling
      • Writing a Connector
      • Access Control
      • API Tokens
      • API Overview
      • Tips
    • Supported File Types
    • Curiosity CLI
      • Installation
      • Authentication
      • Commands
  • Search
    • Introduction
    • Languages
    • Synonyms
    • Ranking
    • Filters
    • Search Permissions and Access Control
  • Endpoints
    • Introduction
    • Creating an endpoint
    • Calling an endpoint
    • Endpoint Tokens
    • Endpoints API
  • Interfaces
    • Introduction
    • Local Development
    • Deploying a new interface
    • Routing
    • Node Renderers
    • Sidebar
    • Views
  • Artificial Intelligence
    • Introduction
    • Embeddings Search
    • AI Assistant
      • Enabling AI Assistant
    • Large Language Models
      • LLMs Models Configuration
      • Self-Hosted Models
    • Image Search
    • Audio and Video Search
  • Sample Workspaces
    • Introduction
    • HackerNews
    • Aviation Incidents
    • Covid Papers
    • NASA Public Library
    • Suggest a Recipe
  • Basic Concepts
    • Graph database
    • Search Engine
  • Troubleshooting
    • FAQs
      • How long does it take to set up?
      • How does Curiosity keep my data safe?
      • Can we get Curiosity on-premises?
      • Can I connect custom data?
      • How does Workspace pricing work?
      • Which LLM does Curiosity use?
      • What's special about Curiosity?
      • How are access permissions handled?
      • What enterprise tools can I connect?
      • How to access a workspace?
      • How do I hard refresh my browser?
      • How do I report bugs?
      • How do I solve connectivity issues?
      • How do I contact support?
  • Policies
    • Terms of Service
    • Privacy Policy
Powered by GitBook
On this page
  • Encryption in Transit
  • Encryption at Rest
  • Generating a key on macOS / Linux
  • Generating a key on Windows
  1. Security

Encryption

How Curiosity encrypts your data on a workspace

Encryption in Transit

Cloud-based workspaces have their in-transit communications to and from the workspace encrypted using the standard HTTPS protocol, using TLS 1.2 and above. They're also protected by Cloudflare against abuse and DDOS attacks. This applies for all communications between the browser and the workspace, between the workspace and external integrations, and between custom integrations and the workspace.

Encryption at Rest

Cloud-based workspaces have their storage encrypted at rest using AES256, using a per-workspace unique encryption key. Workspaces deployed on-premises or locally for development, can also be encrypted at rest by setting up the encryption key as required during initialization. In order to enable that, pass a secure encryption key using the environment variable MSK_GRAPH_MASTER_KEY.

The encryption key must be 32 bytes long and encoded using BASE64.

Generating a key on macOS / Linux

You can generate a valid random key using the following command on your terminal:

head -c 32 /dev/urandom | base64

Generating a key on Windows

You can generate a valid random key using the following command on PowerShell:

$bytes = [byte[]]::new(32)
$random = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$random.GetBytes($bytes)
$key = [System.Convert]::ToBase64String($bytes)
echo $key

PreviousHostingNextUsers and Access

Last updated 11 months ago

Please store this key in a safe place, as you'll lose access to any data inside a Curiosity workspace in case you lose access to it. It is recommended to use a or when deploying Curiosity using an orchestration platform, or the equivalent Secrets Vault of your cloud provider.

Kubernetes Secrets
OpenShift Secrets