Halodoc built a distributed, config-driven application-level encryption system to protect PII (bank accounts, payment details, patient data) across microservices at scale. The architecture uses AES-256-GCM with keys cached from HashiCorp Vault at startup, self-describing versioned envelopes for backward-compatible key rotation, and ORM hooks (Java AttributeConverter, Go hooks) to make encryption transparent to business logic. Three storage patterns are addressed: dedicated columns, EAV models, and JSON blobs. The system achieves zero-downtime migration via a two-phase rollout, adds only ~2% latency overhead due to hardware-accelerated crypto and no runtime Vault calls, and supports config-driven key rotation without data rewrapping. Storage overhead is roughly 3.6–3.8x per encrypted field.
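The self-describing envelope and key-ID-driven rotation described above, as an added Go example (not Halodoc's code): the key IDs and 32-byte keys are constructed stand-ins for material the post describes as cached from Vault at startup, and the `v1:<keyID>:<base64>` envelope layout is an assumption, not the format the post uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"strings"
)

// Keyring stands in for the key material the post describes as cached from Vault at
// startup (constructed here, nothing is fetched). Current is the config-selected key ID.
type Keyring struct {
	Keys    map[string][]byte // key ID -> 32-byte AES-256 key
	Current string            // key ID used for all new writes
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a missing (nil) key fails here with KeySizeError
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Encrypt writes a self-describing envelope "v1:<keyID>:<base64(nonce||ciphertext)>".
// The key ID is bound as GCM additional data, so a tampered header fails to open.
func (k *Keyring) Encrypt(plaintext string) (string, error) {
	aead, err := newGCM(k.Keys[k.Current])
	if err != nil { return "", err }
	nonce := make([]byte, aead.NonceSize()) // 96-bit random nonce, stored with the ciphertext
	if _, err := rand.Read(nonce); err != nil { return "", err }
	ct := aead.Seal(nonce, nonce, []byte(plaintext), []byte(k.Current))
	return "v1:" + k.Current + ":" + base64.StdEncoding.EncodeToString(ct), nil
}

// Decrypt uses the key named in the envelope, so rows written under an older key
// keep decrypting after Current is rotated, with no rewrapping of stored data.
func (k *Keyring) Decrypt(envelope string) (string, error) {
	parts := strings.SplitN(envelope, ":", 3)
	if len(parts) != 3 || parts[0] != "v1" { return "", errors.New("malformed envelope") }
	key, ok := k.Keys[parts[1]]
	if !ok { return "", errors.New("unknown key id in envelope") }
	raw, err := base64.StdEncoding.DecodeString(parts[2])
	if err != nil { return "", err }
	aead, err := newGCM(key)
	if err != nil || len(raw) < aead.NonceSize() { return "", errors.New("bad ciphertext") }
	pt, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], []byte(parts[1]))
	if err != nil { return "", err } // wrong key, tampered header or tampered ciphertext
	return string(pt), nil
}
```

Rotation is a config change (add the new key to `Keys`, point `Current` at it); old envelopes keep decrypting until their key ID is removed from the keyring, which is the operational failure to watch for during a rollout.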

From blogs.halodoc.io
Table of contents
- Our Challenge
- Solution Overview: Config-Driven Application-Level Encryption
- Architecture: How It Works
- Why Config-Based Over Vault Transit Engine?
- Implementation Across Storage Patterns
- Key Rotation: Simple & Safe
- Zero-Downtime Migration
- Performance & Storage Impact
- Conclusion
- Join us
- About Halodoc