Raven is built with a multi-layer security architecture. Every request passes through encryption, authentication, authorization, and monitoring before reaching your LLM providers.

Encryption at Rest

All sensitive data stored by Raven is encrypted using AES-256-GCM, the industry standard for authenticated encryption.
  • Algorithm — aes-256-gcm with a 16-byte initialization vector and 16-byte authentication tag
  • Key derivation — PBKDF2 with SHA-512 and 100,000 iterations ensures encryption keys are resistant to brute-force attacks
  • What is encrypted — Provider API keys, webhook signing keys, and any credentials stored in the platform
AES-256-GCM provides both confidentiality and integrity. The authentication tag ensures that ciphertext cannot be tampered with without detection.

Encryption in Transit

All traffic to and from Raven is encrypted with TLS 1.2+.
  • API endpoints enforce HTTPS — plaintext HTTP connections are rejected
  • Upstream requests to LLM providers use TLS
  • Internal service-to-service communication uses encrypted channels

API Key Hashing

Virtual keys issued to your applications are hashed before storage. Raven never stores the raw key material in the database.
rk_live_abc123def456...
|  |     |
|  |     --- Random key material (hashed with SHA-256 before storage)
|  --- Environment: live or test
--- Prefix: identifies Raven keys
When a request arrives, Raven hashes the provided key and looks up the hash. The original key cannot be recovered from the stored hash.

PBKDF2 Key Derivation

Provider API keys are encrypted before storage using a key derived via PBKDF2:
| Parameter | Value |
|---|---|
| Algorithm | PBKDF2 |
| Hash function | SHA-512 |
| Iterations | 100,000 |
| Key length | 256 bits (32 bytes) |
| Salt | Application-scoped constant |

The iteration count makes deriving the encryption key computationally expensive, even if the ciphertext is exposed.
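
The scheme described under Encryption at Rest and PBKDF2 Key Derivation, as an added Node.js example (not Raven's own code). The master secret, the salt value, and the stored layout iv || tag || ciphertext are assumptions; the algorithm, IV and tag sizes, hash, and iteration count are the ones stated above.

```javascript
// Added example, not Raven's source. MASTER_SECRET, SALT and the stored
// layout (iv || tag || ciphertext, base64) are assumptions for illustration.
const crypto = require('node:crypto');

const MASTER_SECRET = 'constructed-master-secret'; // placeholder; load from a secret store
const SALT = 'constructed-app-scoped-salt';        // page: application-scoped constant
const IV_LEN = 16, TAG_LEN = 16;                   // sizes stated on the page

// PBKDF2-SHA512, 100,000 iterations, 32-byte key. Derive once and cache:
// the cost is deliberate and should not be paid on every request.
const KEY = crypto.pbkdf2Sync(MASTER_SECRET, SALT, 100000, 32, 'sha512');

function encryptSecret(plaintext) {
  const iv = crypto.randomBytes(IV_LEN); // fresh IV for every encryption under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv, { authTagLength: TAG_LEN });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptSecret(stored) {
  const buf = Buffer.from(stored, 'base64');
  if (buf.length < IV_LEN + TAG_LEN) throw new Error('stored value too short');
  const iv = buf.subarray(0, IV_LEN);
  const tag = buf.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = buf.subarray(IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws when the authentication tag does not match
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Returns true when a modified stored value is rejected on decryption.
function rejectsTampering(stored) {
  const buf = Buffer.from(stored, 'base64');
  buf[buf.length - 1] ^= 0x01; // flip one bit of the stored value
  try { decryptSecret(buf.toString('base64')); return false; }
  catch { return true; }
}

const stored = encryptSecret('sk-constructed-provider-key'); // constructed sample value
console.log(decryptSecret(stored), rejectsTampering(stored));
```
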

Security Headers

Every response from Raven includes security headers to protect against common web attacks:
| Header | Value | Purpose |
|---|---|---|
| Strict-Transport-Security | max-age=31536000 | Forces HTTPS |
| X-Content-Type-Options | nosniff | Prevents MIME sniffing |
| X-Frame-Options | DENY | Prevents clickjacking |
| X-XSS-Protection | 1; mode=block | Legacy XSS protection |
| Referrer-Policy | strict-origin-when-cross-origin | Limits referrer leakage |

Request Body Size Limits

Raven enforces a 10 MB maximum request body size to prevent abuse and denial-of-service attacks. Oversized requests are rejected with a 413 Payload Too Large response before any processing occurs.

Rate Limiting

Every virtual key can have independent rate limits. See Rate Limiting for details.
  • Requests per minute (RPM) — Short-term burst protection
  • Requests per day (RPD) — Long-term usage caps
  • Backed by Redis for distributed, low-latency enforcement

Multi-Layer Security Architecture

Requests pass through multiple security layers before reaching a provider:
1. TLS Termination
   HTTPS connection is established. Plaintext is rejected.

2. Authentication
   The virtual key is hashed and verified against the database.

3. Rate Limiting
   RPM and RPD counters are checked in parallel via Redis.

4. Budget Check
   Organization-level, team-level, and key-level budgets are verified.

5. Guardrail Evaluation
   Content is scanned for PII, prompt injection, and custom rules. See Prompt Injection Detection.

6. Provider Forwarding
   The request is forwarded to the upstream provider over TLS with decrypted credentials.

Data Protection

  • Base64 filtering — Image data is automatically stripped from request logs to reduce storage and prevent sensitive image data from persisting
  • Request ID tracking — Every request is assigned a unique ID for tracing
  • Audit logging — All administrative actions are recorded with actor, timestamp, and details

Infrastructure Security

| Component | Security Feature |
|---|---|
| PostgreSQL | Encrypted connections, role-based access |
| Redis | Memory-limited with LRU eviction, used for rate limits and caching |
| API | Hono framework with security middleware stack |
| Web | Next.js with CSP headers |
