website logo
⌘K
JumpWire Overview
Database Proxy
HTTP Proxy
Concepts
Group Access
Policies
Databases
Clusters
Deployment
Self-hosting with AWS ECS
Self-hosting with Helm
Components
Vault Integration
Configuration
Observability
CLI
Encryption key stores
Encryption format
Architecture
Docs powered by
Archbee
JumpWire Overview

Database Proxy

4min

When running as a database proxy, JumpWire sits between the application and database and proxies the wire connection. JumpWire will inspect SQL queries that insert or retrieve data, transform column data if necessary, then return the results. Since JumpWire works with the existing database protocol, only the database connection parameters need to be updated for an application to connect through JumpWire.

Document image


For applications that don’t operate on sensitive data, they can continue to connect to the database directly.

Example

In this example, an application is configured to connect to PostgreSQL through JumpWire. The "Last Name" and "Username" fields are both labeled as PII.

Schema labels
Schema labels




A policy is configured to automatically encrypt any fields that are labeled as PII. Only connections classified as Confidential are allowed to retrieve the decrypted values.

Encryption policy
Encryption policy




When our application connects without any classification, it gets back valid data for most fields but encrypted versions of the PII fields:

Encrypted data
Encrypted data




Updating the connection in the Databases settings to have a Confidential classification allows the decrypted data to be retrieved. After updating the classification, new queries will immediately return decrypted data without any application updates.

Decrypted data
Decrypted data




The same behavior can be seen when connecting directly to the database instead of connecting to JumpWire with an allowed classification. Attempting to bypass JumpWire will only allow the client to retrieve the data from PostgreSQL in its encrypted format.

Direct query in psql
Direct query in psql




Updated 19 Jun 2023
Did this page help you?
PREVIOUS
JumpWire Overview
NEXT
HTTP Proxy
Docs powered by
Archbee
TABLE OF CONTENTS
Example
Docs powered by
Archbee