
Encryption at Rest

How Meridian protects your stored data with AES-256-GCM and envelope encryption.

Overview

Every byte of user data persisted by Meridian is encrypted before it touches disk. We use AES-256-GCM with randomly generated per-object keys, wrapped by a root key stored in a hardware-backed key management service.

Envelope Encryption

Meridian never encrypts data directly with the root key. Instead, each object receives a unique data encryption key (DEK). The DEK is encrypted with the root key and stored alongside the ciphertext. This limits exposure and enables key rotation without re-encrypting the entire dataset.

Cipher Suite

  • AES-256-GCM — authenticated encryption with 96-bit nonce
  • HKDF-SHA256 — key derivation for sub-keys
  • Nonces are generated via CSPRNG and never reused under the same key

Key Hierarchy

Root Key (KMS)
├── DEK₁ → Object₁ ciphertext
├── DEK₂ → Object₂ ciphertext
└── DEKₙ → Objectₙ ciphertext

At-Rest Scope

Encryption at rest covers the database layer, file storage, backups, and replication streams. Data in transit is protected by TLS 1.3 with the same cipher suite. Memory-resident plaintext is guarded by guard pages and cleared after use.

Compliance: This architecture satisfies encryption-at-rest requirements for SOC 2, HIPAA, and PCI DSS when combined with appropriate access controls.