Short answer: Server-side encryption.
Long answer: The main application-level encryption key is stored externally in Doppler. Each project’s encryption key is encrypted using this main key. The main key is loaded as an environment variable when the backend server runs. After a set period (X days), the main key is automatically rotated, and all project keys are re-encrypted with the new main key and updated in Doppler.
Project keys are assigned to specific user accounts, so only the assigned users can decrypt them. The application does not use end-to-end encryption because future planned features require server-side encryption and decryption rather than client-side.
Yes, using LLMs can reduce privacy. To address this, we only send the necessary metadata and selected content to the models. In Ask mode, content is only sent if the user explicitly selects it. Edit mode works the same way: only the specifically selected text or code is passed to the model.
Hope this helps :)
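The key hierarchy and rotation described in the answer above, as an added example that is not the application's own code. It assumes AES-256-GCM for wrapping, which the post does not specify; the function names and the in-memory `wrapped` map (standing in for the stored project keys) are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Wrap (encrypt) a 32-byte project key under the main key with AES-256-GCM.
// Blob layout chosen for this example: iv (12 bytes) | auth tag (16) | ciphertext.
function wrapKey(mainKey, projectKey) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', mainKey, iv);
  const ct = Buffer.concat([c.update(projectKey), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Unwrap a project key; throws if the main key is wrong or the blob was modified.
function unwrapKey(mainKey, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', mainKey, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Rotation: re-wrap every project key under the new main key. The new set is
// built in full before it is returned, so an unwrap failure part-way through
// throws and leaves the caller's existing set untouched.
function rotateMainKey(oldMain, newMain, wrapped) {
  const next = {};
  for (const [id, blob] of Object.entries(wrapped)) {
    next[id] = wrapKey(newMain, unwrapKey(oldMain, blob));
  }
  return next;
}

// Constructed sample data: random bytes stand in for the main key that the
// server would read from its environment, and for two project keys.
function demo() {
  const oldMain = nodeCrypto.randomBytes(32);
  const newMain = nodeCrypto.randomBytes(32);
  const keys = { 'proj-a': nodeCrypto.randomBytes(32), 'proj-b': nodeCrypto.randomBytes(32) };
  const wrapped = {};
  for (const id of Object.keys(keys)) wrapped[id] = wrapKey(oldMain, keys[id]);

  const rotated = rotateMainKey(oldMain, newMain, wrapped);
  const sameKeys = Object.keys(keys).every((id) => unwrapKey(newMain, rotated[id]).equals(keys[id]));
  let oldMainStillWorks = true;
  try { unwrapKey(oldMain, rotated['proj-a']); } catch { oldMainStillWorks = false; }
  return { sameKeys, oldMainStillWorks };
}
```

Because only the wrapping changes, data encrypted under the project keys does not need to be re-encrypted when the main key rotates.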