Security
Field-level encryption for protecting sensitive data in your Astreus agents
Overview
Astreus includes built-in AES-256-GCM encryption to protect sensitive data stored in your database. This feature provides transparent field-level encryption for conversations, system prompts, task data, and knowledge base content.
Quick Setup
1. Generate Encryption Key
# Generate a cryptographically secure 256-bit key
openssl rand -hex 322. Configure Environment
# Enable encryption
ENCRYPTION_ENABLED=true
# Your secure master key (keep this secret!)
ENCRYPTION_MASTER_KEY=your-256-bit-encryption-key-here
# Optional: specify algorithm (default: aes-256-gcm)
ENCRYPTION_ALGORITHM=aes-256-gcm3. Use Normally
import { Agent } from '@astreus-ai/astreus';
// Create agent with sensitive system prompt
const agent = await Agent.create({
name: 'SecureAgent',
systemPrompt: 'Your confidential business logic here', // ← Automatically encrypted
memory: true,
knowledge: true
});
// All interactions automatically encrypted
const response = await agent.ask('Sensitive question here');
// Knowledge uploads automatically encrypted
await agent.knowledge.addDocument(
'Confidential Document',
'Sensitive content here' // ← Automatically encrypted
);Key Management
Master Key Requirements
- Minimum Length: 32 characters (256 bits)
- Generation: Use cryptographically secure random generators
- Storage: Store securely outside of codebase
- Rotation: Plan for periodic key rotation
How is this guide?