Guides

Organization Level Secrets & Encryption

Learn how HIPAA-compliant secrets, integration credentials, and keys are encrypted at rest and injected dynamically.

Overview

Intelligent Office Suite enforces bank-grade encryption rules on all organization-level credentials, ensuring API tokens and custom gateway parameters remain secure under strict HIPAA regulations.

Security Framework

  • AES-256 GCM: Credentials are encrypted using a global master key combined with unique organization salts.
  • Write-Only Parameters: Saved secret values can never be retrieved or viewed from the UI once stored.
  • Dynamic Injection: Integration keys are injected into memory only at the moment of API execution.

Intelligent Office Suite automatically generates, configures, and rotates the underlying encryption keys behind the scenes. Administrators do not need to manually configure or manage secrets keys to activate the encryption pipeline.

Encryption & Dynamic Injection Pipeline

All organization-level environment credentials undergo an isolated encryption/decryption sequence during execution:

1. UI Input Verification

An administrator inputs a credential (e.g., Stripe Secret Key). The plaintext is transferred securely via HTTPS.

2. AES-256-GCM Encryption

The application backend immediately encrypts the plaintext using AES-256-GCM. It generates a random 12-byte Initialization Vector (IV) and a 16-byte authentication tag.

3. Write-Only DB Storage

The compiled string (`iv:tag:ciphertext`) is stored in the database. The plaintext is garbage-collected instantly, making the parameters strictly write-only.

4. Dynamic Memory Injection

During integration API calls, the backend retrieves the ciphertext, decrypts it in-memory using the master key, processes the call, and discards it from memory immediately.