The Encryption Engine
Behind Your Apps
A developer-first REST API with three purpose-built vaults for payment cards, sensitive data, and files. PCI Level 1 compliant with AES-256 encryption and OAuth2 authentication.
Three Vaults. Total Protection.
Enigma Vault encrypts and tokenizes data of all shapes and sizes so you never have to touch sensitive information directly.
Card Vault
Tokenize payment cards and process transactions without ever touching card data. One way in and no way out except through our proxy.
- PCI scope reduction for your application
- Proxy endpoint for gateway integration
- Customizable hosted card entry forms
- Ephemeral CVV storage with auto-purge
- Pre-integrated payment providers
Data Vault
Field-level encryption with searchable capabilities. Store up to 5,000 secrets per request with instant tokenization.
- AES-256 field-level encryption
- Search encrypted data without decrypting
- Batch operations up to 5,000 per request
- Custom identifiers for your records
- Cross-client sharing via ephemeral keys
File Vault
Encrypted storage for files of all types and sizes. From kilobytes to 5 GB with client-side encryption and presigned URLs.
- Files up to 5 GB with AES-GCM encryption
- Presigned URL upload and download
- Managed encryption keys
- Real-time file status via WebSocket
- Ephemeral key sharing across clients
Three Steps to Secure Data
Integrate in minutes with a straightforward REST API from any language or platform.
Authenticate
Get an OAuth2 access token from our OAuth2 auth service with your client credentials and scopes.
Store & Tokenize
Send your sensitive data to the vault. We encrypt it with AES-256 and return a token you can safely store anywhere.
Retrieve & Proxy
Use tokens to retrieve data, search by plaintext, or proxy card transactions to payment gateways without exposing raw data.
Built for Developers Who Move Fast
Drop encryption, tokenization, and secure file storage into any stack with a few API calls. Here's how teams are using it.
Government
Encrypt tax records, criminal justice data, driver license info, and HR files across agencies. Field-level encryption keeps each data type isolated with per-department scopes and audit trails and distributed tracing.
Healthcare
Encrypt EHR and EMR fields (SSNs, diagnoses, prescriptions, lab results) at the API level while keeping non-sensitive metadata searchable. AES-256 field encryption meets HIPAA requirements out of the box.
Education
Protect student records, financial aid data, and staff HR files across departments. Batch-encrypt up to 5,000 records per call during enrollment surges and store transcripts and IDs in File Vault with presigned URLs.
Financial
Tokenize payment cards and proxy charges to any gateway without PCI scope in your codebase. Vault ACH data, account numbers, and loan documents in separate encrypted stores with per-client key isolation.
Large Enterprises
Protect intellectual property, HR records, and cross-department secrets at scale. Multi-tenant client isolation, dedicated encryption keys, and ephemeral key sharing let distributed teams integrate without stepping on each other.
Small Businesses
Start free on the Lite tier and add encryption to your stack in minutes. Tokenize customer payment cards, encrypt PII, and store sensitive files, all through a clean REST API with no SDK required.
Legal
Encrypt case files, retainer agreements, and privileged communications at the field level. Store signed documents in File Vault with full audit logging and share across counsel via ephemeral keys.
Insurance
Vault policyholder PII, claims documents, and payment card data across lines of business. Search encrypted records without decrypting and proxy premium payments through Card Vault's gateway integration.
Enterprise-Grade Protection
Built with defense in depth. Every layer is designed around zero-trust principles.
AES-256 Encryption
All data encrypted at rest using AES-256-CBC with unique per-field initialization vectors. Files use AES-GCM with envelope encryption.
Ephemeral Keys
One-time-use, time-limited keys for cross-client data sharing. Automatically expire and self-destruct after use.
Managed Key Infrastructure
Encryption keys managed through a dedicated key management service. Customer-isolated key hierarchies with automatic rotation.
Network Isolation
Per-tenant IP whitelist validation, multi-tenancy isolation via client ID, and enterprise service restrictions.
Audit Logging
Every request logged with client ID, IP address, resource path, and response status. Full distributed tracing.
Compliance
PCI DSS Level 1 certified and SOC 2 Type II audited. Reduce your own audit scope by offloading to us.
See It in Action
Watch short walkthroughs of the Enigma Vault API in use.
Card Vault Redirect Flow
Accept card data without touching it using the redirect flow.
Data Vault Encryption
Add a secret to the Data Vault with field-level AES-256 encryption.
Card Vault Payments
Use the Card Vault payments endpoint to proxy transactions to gateways.
Card Vault Demo
See tokenization in action. Enter a test card number below. Your app never touches the card data. Try 4111 1111 1111 1111 with any expiration and CVV.
Integration examples on GitHub. Full docs at docs.enigmavault.io.
Start Free, Scale as You Grow
Each vault is priced independently. Only pay for what you use. All plans include OAuth2 auth and AES-256 encryption.
Lite
Free forever
- 1,000 requests / month
- $0.08 / request overage
- Tokenization & proxy
- Community support
Plus
~200-300 daily transactions
- 20,000 requests / month
- $0.04 / request overage
- Ephemeral key sharing
- Email support
Premium
~2,000 daily transactions
- 250,000 requests / month
- $0.02 / request overage
- Dedicated encryption keys
- Priority support
Lite
Free forever
- 1,500 requests / month
- $0.06 / request overage
- AES-256 field encryption
- Community support
Plus
Small to mid-scale encryption
- 30,000 requests / month
- $0.03 / request overage
- Ephemeral key sharing
- Email support
Premium
Large-scale requirements
- 400,000 requests / month
- $0.01 / request overage
- Dedicated encryption keys
- Priority support
Lite
Free forever
- 5 GB storage / month
- AES-GCM encryption
- Presigned URL upload
- Community support
Plus
Standard capacity
- 150 GB storage / month
- Ephemeral key sharing
- Real-time file status
- Email support
Premium
Enterprise-grade storage
- 1,000 GB storage / month
- Dedicated encryption keys
- Envelope encryption
- Priority support
Need More?
For custom volume, dedicated infrastructure, or enterprise requirements, contact our team for a tailored plan.
Contact SalesAPI-First. Works with Any Stack.
A clean REST API with OpenAPI documentation and OAuth2 authentication. Use it from any language or platform. No SDK required.
# Authenticate TOKEN=$(curl -s -X POST \ https://api-auth.enigmavault.io/oauth2/token \ -d "grant_type=client_credentials" \ -d "scope=io.enigmavault/datavault" \ | jq -r .access_token) # Store a secret in the Data Vault curl -X POST \ https://api.enigmavault.io/datavault/secrets \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '[{"plaintext":"SSN-123-45-6789"}]' # Response: [{"token":"a1b2c3...","customIdentifier":null}]
Let's Talk Security
Have questions about Enigma Vault, need a custom plan, or want to see a live demo? Fill out the form and our team will get back to you within one business day.
- (877) 977-2083
-
30 Broad St., Suite 14114
New York, NY 10004