Searching encrypted data in vault


I want to store unique citizen identity numbers (similar to SSN in USA) and want to use Vault for storing, searching and retrieving the identity numbers.

After storing, we want to generate unique identifier for every encrypted identity number that can be used to map the encrypted information with rest of the system.

We also want to search if a particular identity number in clear text is already available in encrypted vault (for dedupe process). How can I do it in Vault?

Does vault provide or support blind indexes for searching over encrypted information?


No - in such a use-case, you’d have to hash or HMAC the cleartext identity number before storing it in Vault, or doing a lookup to see if that hashed/HMACed identity number was already stored.
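The hash/HMAC blind-index approach described above, as an added Python example that is not part of the original thread: the key bytes, the `IdentityStore` class and the sample numbers are constructed for illustration, and the local HMAC stands in for the keyed step that Vault Transit's HMAC endpoint would perform so the key never leaves Vault.

```python
"""Blind-index dedupe for citizen identity numbers (constructed example)."""
import hashlib
import hmac
import uuid
from typing import Dict, Optional, Tuple


def normalize(identity_number: str) -> str:
    """Canonicalize before hashing so '123-45-6789' and '123 45 6789' match."""
    return "".join(ch for ch in identity_number if ch.isalnum()).upper()


def blind_index(identity_number: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 over the normalized identifier, hex encoded.

    A plain hash of a short, structured number is guessable; the key is what
    makes the index blind.  In a Vault deployment this step is delegated to
    Transit's HMAC endpoint; a local key is used here so the example runs offline.
    """
    digest = hmac.new(key, normalize(identity_number).encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()


class IdentityStore:
    """Stores only opaque ids keyed by blind index; the cleartext is never kept."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._by_index: Dict[str, str] = {}  # blind index -> opaque id

    def lookup(self, identity_number: str) -> Optional[str]:
        """Dedupe check: recompute the index from cleartext and look it up."""
        return self._by_index.get(blind_index(identity_number, self._key))

    def register(self, identity_number: str) -> Tuple[str, bool]:
        """Return (opaque_id, created); an existing number yields its old id."""
        idx = blind_index(identity_number, self._key)
        existing = self._by_index.get(idx)
        if existing is not None:
            return existing, False
        opaque_id = str(uuid.uuid4())  # id the rest of the system maps to
        self._by_index[idx] = opaque_id
        return opaque_id, True


if __name__ == "__main__":
    store = IdentityStore(b"constructed-example-key-not-for-production")
    first, created = store.register("123-45-6789")
    print(first, created)                       # new opaque id, True
    print(store.register("123 45 6789"))        # same id, False (deduped)
    print(store.lookup("000000000"))            # None (not yet registered)
```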

You can use the Convergent Encryption feature, so the encryption result is always the same:
Transit - Secrets Engines | Vault | HashiCorp Developer

