In Transit Encryption
Data is always encrypted in transit using TLS — both between the client and PowerSync, and between PowerSync and the source database.At Rest Encryption
The client-side database can be encrypted at rest. This is currently available for:Flutter
Flutter
SQLCipher support is available for Flutter through the
powersync_sqlcipher SDK. See usage details in the package README:powersync_sqlcipher
React Native & Expo
React Native & Expo
SQLCipher support is available for PowerSync’s React Native SDK through the
@powersync/op-sqlite package. See usage details in the package README:npm: @powersync/op-sqlite
JavaScript Web
JavaScript Web
The Web SDK uses the ChaCha20 cipher algorithm by default. See usage details in the package README:Additionally, a minimal example demonstrating encryption of the web database is available here.
npm: @powersync/web
Support for encryption on other platforms is planned. In the meantime, let us know your needs and use cases on Discord.
End-to-end Encryption
For end-to-end encryption, the encrypted data can be synced using PowerSync. The data can then either be encrypted and decrypted directly in memory by the application, or a separate local-only table can be used to persist the decrypted data — allowing querying the data directly.See Also
- Database Setup → Security & IP Filtering
- Resources → Security