Docs
Collections
Custom apps
Custom elements
Environments
Keyboard shortcuts
Mission Control
Projects
Task management
Terminology

Data encryption

Jan Cerman

2 minutes

Security

Kontent.ai protects your content at several levels. When you edit your content in Kontent.ai, your data is encrypted in transit. Once your work is done, Kontent.ai encrypts your data at rest. The encryption is compliant with NIST 800-57

, which provides guidelines on cryptographic key management.

Access to Kontent.ai resources by end users is encrypted in transit with HTTPS transport layer security (TLS). We support TLS 1.3 and TLS 1.2 with strong cipher suites to protect from man-in-the-middle attacks. Support for older protocols and cipher suites is disabled due to known security vulnerabilities. All ciphers support perfect forward secrecy to ensure that even intercepted traffic cannot be decrypted in the future. List of supported ciphers:

TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

The Kontent.ai infrastructure runs on Microsoft Azure. Whenever you add or change the content in Kontent.ai, it’s stored in a Microsoft Azure data center. To secure your data at rest, we use service-managed transparent data encryption. Your data is safely encrypted at rest

using the industry-standard AES 256

cipher. This way we protect the confidentiality of your data stored on physical disks in any digital format.

This is also a requirement for all Kontent.ai providers that store customer data in any form.

We also use encryption to ensure the integrity of data. That is to ensure that the data hasn’t been modified since its creation.

For example, for the signatures of API keys used by Kontent.ai APIs, we use the RSA signature

and HMAC

with the SHA-256

hash function (HMAC-SHA-256). This way we can ensure that the API keys were issued by Kontent.ai or Auth0 as an identity provider.

To generate cryptographically strong random values, we use the .NET Random Number Generator

For sensitive operations and applying cryptographic protection in general, we use the HMAC-SHA-256 or SHA-256 algorithms.

Kontent.ai Learn

Encryption in transit

Encryption at rest

Other uses of encryption

Encryption in transit

Encryption at rest

Other uses of encryption

Cheat sheets
Documentation
API reference
Product updates
Sign in

Try Kontent.ai
Plan
Set up
Model
Develop
Create

Web
Privacy policy
Cookies policy
Consent settings
Security
GDPR

Data encryption | Kontent.ai Learn

We value transparency and trustFor more detailed information on data security and privacy, visit the Kontent.ai Trust Center

, which includes essential artifacts on overall security, governance, compliance, and privacy.