JumpWire Overview

Database Proxy

3min

When running as a database proxy, JumpWire sits between the application and database and proxies the wire connection. JumpWire will inspect SQL queries that insert or retrieve data, transform column data if necessary, then return the results. Since JumpWire works with the existing database protocol, only the database connection parameters need to be updated for an application to connect through JumpWire.

Document image


For applications that don’t operate on sensitive data, they can continue to connect to the database directly.

Example

In this example, an application is configured to connect to PostgreSQL through JumpWire. The "Last Name" and "Username" fields are both labeled as PII.

Schema labels
Schema labels




A policy is configured to automatically encrypt any fields that are labeled as PII. Only connections classified as Confidential are allowed to retrieve the decrypted values.

Encryption policy
Encryption policy




When our application connects without any classification, it gets back valid data for most fields but encrypted versions of the PII fields:

Encrypted data
Encrypted data




Updating the connection in the Databases settings to have a Confidential classification allows the decrypted data to be retrieved. After updating the classification, new queries will immediately return decrypted data without any application updates.

Decrypted data
Decrypted data




The same behavior can be seen when connecting directly to the database instead of connecting to JumpWire with an allowed classification. Attempting to bypass JumpWire will only allow the client to retrieve the data from PostgreSQL in its encrypted format.

Direct query in psql
Direct query in psql




Updated 25 Mar 2024
Doc contributor
Doc contributor
Did this page help you?