Encryption
Status: Placeholder. Content currently lives inline in approvals-and-annotations and enforcement. A dedicated page will extract the AES-256-GCM, envelope encryption, and key rotation sections.
Quick Reference
TnsAI uses AES-256-GCM for at-rest encryption of sensitive fields. Keys are managed via an envelope pattern (data key + master key).
See Enforcement for the current encryption section.
Planned Content
- AES-256-GCM setup.
- Envelope encryption (data encryption key + master key).
- Key rotation.
- Integration with external KMS.
Security
The Quality module provides a layered security framework: annotation-driven access control and encryption (SecurityEnforcer), content moderation (PatternBasedModerator), prompt injection detection (PromptInjectionDetector), sandboxed execution, audit logging, and input validation (ValidationService).
Prompt Injection Defense
Next Page