About
Enterprise customers that wish to store highly sensitive information in Corsa are offered the Sensitive Data Management feature:
- Customers install the Corsa encryption service in their environment.
- Sensitive data is encrypted and decrypted using the customer’s key.
- Encryption occurs on the customer’s side, ensuring full control and compliance.
- The service connects securely to the customer’s AWS KMS.
- End-to-end encryption control.
System Requirements
- A modern Debian distribution (e.g. Ubuntu 24.04)
- Node.js 22.x
- 1 gigabyte of memory
- 1 gigabyte of storage
Networking
- Inbound TLS (typically port 443)
- Outbound traffic can be restricted to TCP port 443 (needed for JWT verification from Auth0 and Corsa)
Keys
There are 4 keys used to encrypt data and handle 2FA:
| Name | Type | Description |
|---|---|---|
| JWT_SIGNING | SIGN_VERIFY | JWT signing key |
| INVITE_CHALLENGE | SIGN_VERIFY | Invitation challenge key |
| TOTP_SECRET_ENCRYPTION | ENCRYPT_DECRYPT | Two-factor authentication |
| ENCRYPTION | ENCRYPT_DECRYPT | PII encrypt / decrypt |
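
The key table above, turned into a check that can be run on KMS `DescribeKey` metadata before launching an instance. This is an added example, not Corsa code: the function name, the way key names are bound to metadata, the one-key-per-name check and the sample ARNs are assumptions or constructed values.

```javascript
// Added example, not Corsa code. Expected KeyUsage per key name, from the table above.
const EXPECTED_USAGE = {
  JWT_SIGNING: "SIGN_VERIFY",
  INVITE_CHALLENGE: "SIGN_VERIFY",
  TOTP_SECRET_ENCRYPTION: "ENCRYPT_DECRYPT",
  ENCRYPTION: "ENCRYPT_DECRYPT",
};

// metadataByName maps each key name to the KeyMetadata object returned by
// KMS DescribeKey. How a name is bound to a key ARN in a real deployment is
// an assumption of this example.
function checkKeys(metadataByName) {
  const problems = [];
  const ownerByArn = new Map();
  for (const [name, usage] of Object.entries(EXPECTED_USAGE)) {
    const meta = metadataByName[name];
    if (!meta) {
      problems.push(`${name}: no key metadata supplied`);
      continue;
    }
    if (meta.KeyUsage !== usage) {
      problems.push(`${name}: KeyUsage is ${meta.KeyUsage}, expected ${usage}`);
    }
    if (meta.KeyState !== "Enabled") {
      problems.push(`${name}: KeyState is ${meta.KeyState}, expected Enabled`);
    }
    // Added check (assumption): each name should be backed by its own key.
    if (ownerByArn.has(meta.Arn)) {
      problems.push(`${name}: shares ${meta.Arn} with ${ownerByArn.get(meta.Arn)}`);
    } else {
      ownerByArn.set(meta.Arn, name);
    }
  }
  return problems;
}

// Constructed sample metadata (placeholder account ID and key IDs).
const arn = (id) => `arn:aws:kms:us-east-1:111122223333:key/${id}`;
const key = (id, KeyUsage, KeyState = "Enabled") => ({ Arn: arn(id), KeyUsage, KeyState });
const GOOD = {
  JWT_SIGNING: key("0001", "SIGN_VERIFY"),
  INVITE_CHALLENGE: key("0002", "SIGN_VERIFY"),
  TOTP_SECRET_ENCRYPTION: key("0003", "ENCRYPT_DECRYPT"),
  ENCRYPTION: key("0004", "ENCRYPT_DECRYPT"),
};
// Same set with two mistakes: a key pending deletion and a key of the wrong type.
const BAD = { ...GOOD, JWT_SIGNING: key("0001", "SIGN_VERIFY", "PendingDeletion"), ENCRYPTION: key("0005", "SIGN_VERIFY") };

console.log(checkKeys(GOOD), checkKeys(BAD));
```
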
Setup
It is recommended to create the keys before launching an instance. See our Terraform guide for an example.
BYOK is available for enterprise customers. Learn more about Corsa’s security approach or schedule a demo to discuss your encryption requirements.