I'm handling sensitive data that needs to be processed by a large language model (LLM) and then encrypted into a storage bucket. I want to avoid using the default KMS (Key Management Service) for encryption, and I need to ensure that this data is safely decrypted on the client side using something like WebCrypto. The main concern is that this data should not be exposed to any cloud infrastructure during this process. Can anyone validate my approach or provide suggestions on how to achieve this securely?
5 Answers
If you're not hosting your own private LLM instance, then using a public one might be your weakest link in security. Just something to think about.
One thing to consider is how you'll handle encryption while the data is being processed by the LLM. That's where it gets tricky because encryption in memory is a bigger challenge compared to encrypting storage or transit.
If you trust AWS, using KMS with a CMK can work well without exposing the data to the cloud. You might also want to look into client-side encryption for added security. AWS’s SSE-C (Server-Side Encryption with Customer-Provided Keys) might be another layer to consider, as they never store the encryption key.
You can definitely use a KMS Customer Master Key (CMK) to encrypt your objects in S3 while keeping everything secure. Just make sure your key management is in place to prevent exposure.
For added assurance, think about performing layer 7 encryption within your app. If you have concerns about trusting AWS, this can give you more control over your data!
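The client-side (application-layer) encryption suggested in the answers above, sketched with WebCrypto as an added example that is not code from any of the posters: each object gets a fresh AES-256-GCM data key, which is wrapped by a key-encryption key (KEK) that stays on the client. The function names, the envelope layout and the object name are assumptions, and the sketch covers storage only, not the LLM processing step.

```javascript
// Added example: function names, envelope layout and object names are assumptions.
async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto?.subtle ? globalThis.crypto : (await import('node:crypto')).webcrypto;
}

// Key-encryption key (KEK): generated and kept on the client, non-extractable.
async function generateKek() {
  const { subtle } = await getCrypto();
  return subtle.generateKey({ name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Encrypt one object under a fresh data key, then wrap that key with the KEK.
// objectName is bound as additional authenticated data (AAD).
async function encryptObject(kek, plaintext, objectName) {
  const c = await getCrypto();
  const dataKey = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12)); // 96-bit nonce, one per data key
  const additionalData = new TextEncoder().encode(objectName);
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv, additionalData }, dataKey, plaintext);
  const wrapped = await c.subtle.wrapKey('raw', dataKey, kek, 'AES-KW');
  // Only these three fields are uploaded; the bucket never sees the KEK or plaintext.
  return { iv, wrappedKey: new Uint8Array(wrapped), ciphertext: new Uint8Array(ct) };
}

// Unwrap the data key and decrypt; rejects if ciphertext, wrapped key or name changed.
async function decryptObject(kek, env, objectName) {
  const { subtle } = await getCrypto();
  const dataKey = await subtle.unwrapKey('raw', env.wrappedKey, kek, 'AES-KW',
    { name: 'AES-GCM' }, false, ['decrypt']);
  const additionalData = new TextEncoder().encode(objectName);
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv: env.iv, additionalData },
    dataKey, env.ciphertext);
  return new Uint8Array(pt);
}

// Constructed sample: round trip, then two tamper checks.
async function demo() {
  const kek = await generateKek();
  const name = 'results/job-0001.json'; // constructed object name
  const data = new TextEncoder().encode('{"summary":"constructed sample"}');
  const env = await encryptObject(kek, data, name);
  const roundTrip = new TextDecoder().decode(await decryptObject(kek, env, name));
  const flipped = { ...env, ciphertext: env.ciphertext.slice() };
  flipped.ciphertext[0] ^= 1; // simulate modification in the bucket
  const tamperRejected = await decryptObject(kek, flipped, name).then(() => false, () => true);
  const renameRejected = await decryptObject(kek, env, 'results/other.json').then(() => false, () => true);
  return { roundTrip, tamperRejected, renameRejected };
}
```

In a real deployment the KEK has to persist between sessions, for example as a non-extractable key stored in IndexedDB, which this sketch does not cover.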