Introducing Native Encryption in Turso Cloud
Blog post from Turso
Turso Cloud has introduced Native Encryption with a Bring-Your-Own-Key (BYOK) model to enhance data security for applications handling sensitive information, such as AI agents, fintech, and healthcare apps. This model allows users to encrypt their data with their own keys, ensuring that Turso Cloud never accesses the data itself. Each database query or sync request is encrypted with a user-controlled key, and databases are encrypted at rest as part of SOC2 compliance. The encryption employs AEAD algorithms, including AEGIS, AES-GCM, and ChaCha20-Poly1305, to provide data protection and integrity. Encryption keys are held in memory per connection and are never stored on disk. Users are responsible for generating and securely storing their encryption keys, because the encrypted data cannot be accessed without them. Turso Cloud also supports branching and point-in-time recovery for encrypted databases. The feature is available on the Enterprise plan and is aimed at building highly trusted agents that leverage previously inaccessible data for improved decision-making.