Problem
Engram stores sensitive memories in plaintext. For HIPAA/GDPR compliance, memories containing PII should be encrypted at rest.
Proposed Solution: Encrypted Storage
const memory = new Engram({
storage: {
provider: "encrypted",
encryption: {
algorithm: "AES-256-GCM",
keySource: "env:ENGRAM_ENCRYPTION_KEY", // or KMS integration
keyRotation: "90d" // Rotate keys every 90 days
}
}
})
// Store sensitive memory - auto-encrypted
await memory.store("Patient John Doe SSN: 123-45-6789")
// Stored as: AES-256-GCM encrypted blob
// Retrieve - auto-decrypted (if authorized)
const result = await memory.recall("patient SSN")Key Management Integration
// AWS KMS
const memory = new Engram({
storage: {
encryption: {
kms: {
provider: "aws-kms",
keyId: "arn:aws:kms:us-east-1:123:key/abc",
region: "us-east-1"
}
}
}
})
// HashiCorp Vault
const memory = new Engram({
storage: {
encryption: {
vault: {
url: "https://vault.internal",
path: "secret/engram"
}
}
}
})Compliance
- HIPAA: PHI encrypted at rest
- GDPR: Personal data encrypted
- SOC 2: Data protection controls
- PCI-DSS: Cardholder data encrypted
This enables regulated industry use cases.
Problem
Engram stores sensitive memories in plaintext. For HIPAA/GDPR compliance, memories containing PII should be encrypted at rest.
Proposed Solution: Encrypted Storage
Key Management Integration
Compliance
This enables regulated industry use cases.