Vault-Managed Encryption

April 23, 2019
How Vault-Managed Encryption Works

The AuricVault® tokenization service provides all your encryption and key management requirements.

The service provides:

  • PCI compliant encryption for the tokenized data.
  • AES-256 data encryption keys (DEK).
  • GPG encrypted key encryption keys (KEK).
  • Automatic, PCI compliant data encryption key rotation.

The AuricVault® service key management services are located within a PCI compliant hosting facility separate from the encryption servers and the key services. The encryption services are separated geographically as well as across multiple hosting providers.

The AuricVault® tokenization and storage service offers implementation flexibility. Direct connectivity allows both modern servers and legacy systems to integrate with the AuricVault® service. The integration method is a simple HTTPS POST call using JSON-RPC. Almost any programming language can easily integrate with the service. Vault-managed encryption performs all encryption/decryption and key management tasks within the AuricVault® service.  Plain text (unencrypted) data is sent to the AuricVault® service.

Vault-Managed API Calls

  • encrypt
  • decrypt
  • reencrypt
  • session_encrypt
  • session_decrypt
  • delete_token
  • token_info
  • touch_token
  • get_session


Have Questions?

Contact Us

1,000 character limit.

By submitting your name, email address, phone number, and message, you are permitting us to contact you by these means in response to your inquiry or feedback. You also acknowledge that you have read our Privacy Statement and that you consent to our processing data in accordance with it.