Encryption
Synapse Layer encrypts memory content at rest using AES-256-GCM. Every write operation uses a fresh random initialization vector.
On this page
Algorithm
| Property | Value |
|---|---|
| Cipher | AES-256-GCM |
| Key size | 256 bits |
| IV length | 12 bytes (random per operation) |
| Auth tag length | 16 bytes (128 bits) |
| Mode | Authenticated encryption (encrypt-then-authenticate) |
Implementation Details
The encryption flow for each store() operation:
- Generate a cryptographically random 12-byte IV
- Encrypt the sanitized content using AES-256-GCM with the environment key and generated IV
- Extract the 16-byte GCM authentication tag
- Store the encrypted content, IV, and auth tag as separate database columns
On recall():
- Read the encrypted content, IV, and auth tag from the database
- Validate the GCM authentication tag (rejects if tampered)
- Decrypt the content using the environment key and stored IV
- Return the decrypted content to the caller
Key Management
- Encryption keys are managed per environment (development, production)
- Keys are stored as environment variables, not in source code or database
- Keys are never logged or exposed in API responses
- Key rotation requires re-encryption of affected records
Tamper Detection
The GCM authentication tag provides built-in tamper detection:
- Any modification to the encrypted content, IV, or auth tag will cause decryption to fail
- Failed decryption returns an error, never corrupted data
- This is the fail-closed principle applied to data integrity
What Is (and Is Not) Encrypted
Encrypted
- Memory content (the text stored by the agent)
Not Encrypted (stored in plaintext)
- Embedding vectors (protected by differential privacy noise instead)
- Metadata fields (agent_id, intent, timestamp, TQ score)
- Tenant ID and user associations
- Audit trail records
Boundaries
Warning
Encryption is server-side. The server processes plaintext content during the security pipeline (sanitization, validation, embedding generation) before encrypting for storage. This is a deliberate design choice that enables the security pipeline to function.
- This is not end-to-end encryption
- The server has access to plaintext during processing
- Content is encrypted only at rest (in the database)
- Transport-level encryption (HTTPS/TLS) protects data in transit