Encrypt, tokenize, or mask data based on identity
Apply data protection at the record or file level, enforced by your existing IAM policies — not just where the data is stored.
> Read the whitepaper on our identity-driven data security platform
Identity-driven encryption, tokenization, and masking for secure, compliant data access.
Storage encryption isn’t identity-aware or effective at protecting sensitive data – and that’s the problem.
DBA, server, and cloud admin credentials easily bypass transparent and full disk encryption
Data is exposed the moment it’s accessed or shared
No way to enforce policies based on user identity, role, or system context
How It Works
We’ve abstracted the messy and complex world of encryption, tokenization, masking, and key management into a simple API call and elegant integrations, allowing you to confidently secure sensitive data on the client-side in minutes.
New data generated
Existing data requested
Data is created or collected from normal user input or process
(Your) IAM enforces access policy
Data is secured without leaving your environment.
Ciphertext is stored - not cleartext
Data access is identity-bound; safe from DB compromise
User or process requests data
(Your) IAM enforces access policy
Ciphertext is retrieved from storage
Data is converted to cleartext without leaving your environment.
Data is safely returned to the process
Store Data Securely
Keep your data safe no matter where it’s stored.
Each record, field, or file is encrypted, tokenized, or masked before storage, and only authorized identities can access it later. Storage and admins only ever see ciphertext.
Share & Analyze Data Confidently
Grant or restrict sensitive data access based on identities in your existing identity provider.
Ubiq connects to your existing identity provider via SCIM, so you can enforce encryption, tokenization, and masking policies through your existing policies, ensuring each human or non-human identity only sees the data they’re authorized to. No need to replicate or manage identities in a separate system.
ubiq = require('ubiq-security' 1.0.5)
const credentials =
new ubiq.Credentials('T31i/+eZAsURqVOO/0WfkGqd',
'GyPujOPlRcQu+uF7sZchT0c1BsUMkyqcIlz0ss3FhciS',
'AkQ9vGDsUhZPHk+YUSekFEJSP0XzKouEpfMIt6ZvmEfd')
plaintext_data = 'ABC'
encrypted_data = await ubiq.encrypt(credentials, plaintext_data)
console.log(encrypted_data.toString('base64'))
decrypted_data = await ubiq.decrypt(credentials, encrypted_data)Integrated and Automated Key Management
Manage cryptographic keys without the overhead.
Identity-driven policies tie access to data and keys together. Our integrated key management handles generation, rotation, and enforcement, with optional support for your HSM or KMS.
DATA SECURITY, WITHOUT THE COMPLEXITY.
Built to protect data wherever it lives, within your managed infrastructure.
Our no/low-code integrations allow you to quickly and easily encrypt, tokenize, or mask sensitive data directly in your databases, data warehouses, applications, and API gateways. And always tie sensitive data access to identities managed in your IAM.
Node.js
Ruby
Python
C
C++
C#
Java
GO
Snowflake
const ubiq = require('ubiq-security')
// Explicitly set the credentials.
const credentials = new Credentials('', '', '')
// Encrypt a block of data.
const encrypted_data = await ubiq.encrypt(credentials, plainntext_data)
// Decrypt a block of data.
const plainttext_data = await ubiq.decrypt(credentials, encrypted_data)
require 'ubiq-security'
include Ubiq
# Explicitly set the credentials.
credentials = Credentials(access_key_id = "...", secret_signing_key = "...", secret_crypto_access_key = "...")
# Encrypt a block of data.
encrypted_data = encrypt(credentials, plaintext_data)
# Decrypt a block of data.
plaintext_data = decrypt(credentials, encrypted_data)
# Require the Security Client.
import ubiq_security as ubiq
# Explicitly set the credentials.
credentials = ubiq.credentials(access_key_id = "...", secret_signing_key = "...", secret_crypto_access_key = "...")
# Encrypt a block of data.
encrypted_data = ubiq.encrypt(credentials, plaintext_data)
# Decrypt a block of data.
plaintext_data = ubiq.decrypt(credentials, encrypted_data)
#include
struct ubiq_platform_credentials * creds = NULL;
void * ptbuf = NULL, * ctbuf = NULL;
size_t ptlen = 0, ctlen = 0;
/*
* load credentials from the environment
* or the credentials file
*/
ubiq_platform_credentials_create(creds);
/* initialize ptbuf and ptlen */
...
/* Encrypt a block of data. */
ubiq_platform_encrypt(creds, ptbuf, ptlen, ctbuf, ctlen);
/* Decrypt a block of data. */
ubiq_platform_decrypt(creds, ctbuf, ctlen, ptbuf, ptlen);
free(ctbuf);
free(ptbuf);
ubiq_platform_credentials_destroy(creds); #include
/*
* load credentials from the environment
* or the credentials file
*/
ubiq::platform::credentials creds;
std::vector ptbuf, ctbuf;
/* initialize ptbuf */
...
/* Encrypt a block of data. */
ctbuf = ubiq::platform::encrypt(creds, ptbuf.data(), ptbuf.size());
/* Decrypt a block of data. */
ptbuf = ubiq::platform::decrypt(creds, ctbuf.data(), ctbuf.size()); using UbiqSecurity;
/* explicitly set the credentials */
var credentials = UbiqFactory.CreateCredentials(accessKeyId: "...", secretSigningKey: "...", secretCryptoAccessKey: "...");
/* Encrypt a block of data. */
byte[] plainBytes = ...;
byte[] encryptedBytes = await UbiqEncrypt.EncryptAsync(credentials, plainBytes);
/* Decrypt a block of data. */
plainBytes = await UbiqDecrypt.DecryptAsync(credentials, encryptedBytes);import com.ubiqsecurity.UbiqCredentials;
import com.ubiqsecurity.UbiqDecrypt;
import com.ubiqsecurity.UbiqEncrypt;
import com.ubiqsecurity.UbiqFactory;
// Explicitly set the credentials.
UbiqCredentials credentials = UbiqFactory.createCredentials("", "", "", null);
// Encrypt a block of data.
byte[] plainBytes = ...;
byte[] encryptedBytes = UbiqEncrypt.encrypt(credentials, plainBytes);
// Decrypt a block of data.
plainBytes = UbiqDecrypt.decrypt(credentials, encryptedBytes); import "gitlab.com/ubiqsecurity/ubiq-go"
var plaintext []byte = ...
// load the default credentials
credentials, _ := ubiq.NewCredentials()
// encrypt a block of data
ciphertext, _ := ubiq.Encrypt(credentials, plaintext)
// decrypt a block of data
plaintext, _ := ubiq.Decrypt(credentials, ciphertext)# Initialize credentials into the current session
call ubiq_begin_fpe_session(dataset_names, access_key,
secret_key, secret_crypto_access_key);
# Encrypt a block of data.
select ubiq_fpe_encrypt_cache(plain_text, dataset_name);
# Decrypt a block of data.
select ubiq_fpe_decrypt_cache(cipher_text, dataset_name);
# Querying encrypted data stored in a table
select name, address, ubiq_fpe_decrypt_cache(sensitive_info, dataset_name) from secure_table;
# Inserting encrypted data to a table
insert into secure_table (name, address, sensitive_info) values ("Jeff", "101 Anywhere St",
ubiq_fpe_encrypt_cache(sensitive_info, dataset_name));
# Tear down the Ubiq Session
call ubiq_close_fpe_session(access_key, secret_key);Integrations galore
Integrations are available for the most popular programming languages, databases and warehouses, API gateways, and SaaS platforms.
- 30+ native integrations
- IAM-driven access enforcement
- FIPS 140-2 Level 3-compliant key storage
- Only NIST approved algorithms
- Data never leaves your environment
- Simple integrations & scalable APIs
30+ integrations across your stack – from applications to infrastructure
Integrate our no-code, software-based integrations across databases, warehouses, and gateways or our lightweight code-based integrations to protect sensitive data directly in your applications.
