Database Proxy
When running as a database proxy, JumpWire sits between the application and database and proxies the wire connection. JumpWire will inspect SQL queries that insert or retrieve data, transform column data if necessary, then return the results. Since JumpWire works with the existing database protocol, only the database connection parameters needs to be updated for an application to connect through JumpWire.
For applications that don’t operate on sensitive data, they can continue to connect to the database directly.
Example
In this example an application is configured to connect to PostgreSQL through JumpWire. The "Last Name" and "Username" fields are both labeled as PII.
A Policy is configured to automatically encrypt any fields that are labeled as PII. Only connections Classified as Confidential are allowed to retrieve the decrypted values.
When our application connects without any classifcation, it gets back valid data for most fields but encrypted versions of the PII fields:
Updating the connection in the Database settings to have a Confidential classification allows the decrypted data to be retrieved. After updating the classification, new queries will immediately return decrypted the data without any application updates.
The same behavior can be seen when connecting directly to the database instead of connecting to JumpWire with an allowed classification. Attempting to bypass JumpWire will only allow the client to retrieve the data from PostgreSQL in its encrypted format.
