Bluvo implements enterprise-grade encryption for all exchange API keys and sensitive credentials. Through our integration with the @better-auth API Keys plugin and our multi-tenant architecture, your exchange credentials are encrypted at rest, isolated by tenant, and protected through multiple security layers.
Exchange API keys represent direct access to funds and require exceptional security. Unlike typical API credentials, crypto exchange keys:
Can authorize trading operations and withdrawals if compromised
Are typically long-lived and don’t always support automatic rotation
Provide broad permissions that are difficult to scope down
Are targeted specifically by sophisticated attackers
Once exchange credentials are leaked, the damage is immediate and often irreversible. This reality creates additional challenges:
Securing keys while maintaining high-performance access
Preventing lateral movement between customer environments
Meeting regulatory requirements for data protection
Providing cryptographic proof of isolation for audits
Bluvo’s encryption architecture solves these problems with a comprehensive approach that provides defense in depth for your most sensitive credentials.
Bluvo doesn’t just encrypt your data; it wraps it in multiple layers of battle-tested protection that work together to create an impenetrable security shield.
What makes Bluvo’s approach to encryption truly unique is how it integrates with our multi-tenant architecture. This isn’t just another security feature; it’s a fundamental design principle.
Copy
// Tenant isolation in actionconst decryptCredentials = async (encryptedData, tenantId) => { // Each tenant has its own encryption key that can ONLY // decrypt their own data const tenantKey = await keyManager.getTenantKey(tenantId); return decrypt(encryptedData, tenantKey);};
True tenant isolation keeps your data in separate databases with separate encryption keys
Cryptographic boundaries ensure that even in worst-case scenarios, breaches can’t cross tenant lines
Global consistency maintains identical security standards across all geographic regions
This combination creates both logical and cryptographic separation between tenants; a security approach that requires multiple simultaneous compromises to breach.
Here’s how simple it is to securely connect a wallet to your Bluvo account:
Copy
// Connect a wallet with Binance API credentialsimport {createClient} from '@bluvo/sdk-ts';// Get yours at https://docs.bluvo.co/introductionconst client = createClient({ orgId: "a2e98409-cd68-48c4-853c-73d9228764c0", // Org database projectId: "b16e1c13-74ad-4b95-b252-0c12e2215b18", // My project apiKey: "Your bluvo secret API key"});const {workflowRunId} = await client .wallet .connect( 'binance', 'i decide my own wallet id', '<your-binance-account-api-key>', '<your-binance-account-api-secret>' );// Behind the scenes, Bluvo:// 1. Identifies your organization using the orgId// 2. Verifies your project and API key permissions// 3. Validates the exchange API keys with a test interaction// 4. Encrypts credentials using node:crypto aes-256-cbc// 5. Stores encrypted values in your isolated database
From this point forward, you can use Bluvo’s API without ever handling the raw credentials again: