Data Encryption

In Transit Encryption

Data is always encrypted in transit using TLS — both between the client and PowerSync, and between PowerSync and the source database.

At Rest Encryption

The client-side database can be encrypted at rest using SQLCipher.

SQLCipher support is currently available for our React Native SDK through the @powersync/op-sqlite package. See usage details in the package README:

npm: @powersync/op-sqlitenpm

Support for SQLCipher on other platforms is planned. In the meantime, let us know with your needs and use cases on Discord.

End-to-end Encryption

For end-to-end encryption, the encrypted data can be synced using PowerSync. The data can then either be encrypted and decrypted directly in memory by the application, or a separate local-only table can be used to persist the decrypted data — allowing querying the data directly.

An example implementation is coming soon.

See Also

• Database Setup → Security & IP Filtering

• Resources → Security