Encryption

Reoclo protects sensitive material using envelope encryption with AES-256-GCM. A unique data encryption key (DEK) is generated per secret, while a key encryption key (KEK) derived from the master key wraps each DEK. This model limits blast radius and keeps cryptographic boundaries explicit across stored records.

Both the SSH private keys used for server connections and application environment variables are encrypted with this pattern before they are persisted in MongoDB. Decryption occurs only in trusted execution paths, primarily inside worker processes that need the secret to perform deployment actions.

Authenticated encryption (GCM) provides confidentiality and integrity in a single operation: ciphertext that has been altered fails tag verification and is rejected rather than decrypted. Combined with strict key handling and runtime-only decryption, this design reduces the risk of accidental exposure and supports auditable secret lifecycle controls.