Encryption

Synapse Layer encrypts memory content at rest using AES-256-GCM. Every write operation uses a fresh random initialization vector.

Algorithm

PropertyValue
CipherAES-256-GCM
Key size256 bits
IV length12 bytes (random per operation)
Auth tag length16 bytes (128 bits)
ModeAuthenticated encryption (encrypt-then-authenticate)

Implementation Details

The encryption flow for each store() operation:

  1. Generate a cryptographically random 12-byte IV
  2. Encrypt the sanitized content using AES-256-GCM with the environment key and generated IV
  3. Extract the 16-byte GCM authentication tag
  4. Store the encrypted content, IV, and auth tag as separate database columns

On recall():

  1. Read the encrypted content, IV, and auth tag from the database
  2. Validate the GCM authentication tag (rejects if tampered)
  3. Decrypt the content using the environment key and stored IV
  4. Return the decrypted content to the caller

Key Management

  • Encryption keys are managed per environment (development, production)
  • Keys are stored as environment variables, not in source code or database
  • Keys are never logged or exposed in API responses
  • Key rotation requires re-encryption of affected records

Tamper Detection

The GCM authentication tag provides built-in tamper detection:

  • Any modification to the encrypted content, IV, or auth tag will cause decryption to fail
  • Failed decryption returns an error, never corrupted data
  • This is the fail-closed principle applied to data integrity

What Is (and Is Not) Encrypted

Encrypted

  • Memory content (the text stored by the agent)

Not Encrypted (stored in plaintext)

  • Embedding vectors (protected by differential privacy noise instead)
  • Metadata fields (agent_id, intent, timestamp, TQ score)
  • Tenant ID and user associations
  • Audit trail records

Boundaries

Warning

Encryption is server-side. The server processes plaintext content during the security pipeline (sanitization, validation, embedding generation) before encrypting for storage. This is a deliberate design choice that enables the security pipeline to function.
  • This is not end-to-end encryption
  • The server has access to plaintext during processing
  • Content is encrypted only at rest (in the database)
  • Transport-level encryption (HTTPS/TLS) protects data in transit