You have been granted access to a live Core0 instance. Data entered here is real — encrypted using ECDSA P-256 and stored in an isolated demo tenant.
tenantdemo
encryptionAES-256-GCM + P-256
environmenthosted · isolated tenant
The employee ID field accepts any identifier — a name, internal reference, national ID, record key, or any value you treat as sensitive. Core0 encrypts all fields identically regardless of type.
Enter any employee record below. Each field is encrypted individually — a separate token is returned for every value. Nothing is stored in plaintext. Ever.
INPUT — employee record
OUTPUT — encrypted tokens
stored as tokens · original values discarded
TERMINAL — encryption flow
// awaiting input — fill a record and click Encrypt
HOW IT WORKS
encryption flow
1
Your app sends a field + value to Core0 Bridge over mTLS
2
Bridge routes to keys-logic — generates a unique AES-256-GCM key per field
3
Key is wrapped with ECDSA P-256 and stored separately from ciphertext
4
A UUID token is returned — the only reference to the encrypted value
5
Your database stores only tokens — zero plaintext PII anywhere
network path
browser
→
nginx TLS
→
SaaS proxy
app-probe
→
Bridge API
→
keys-logic
about employee ID
The employee_id field accepts any identifier — a name, internal reference, national insurance number, passport, or any record key. Core0 applies identical encryption regardless of field type.
tenant isolation
Every request is scoped to demo tenant. In production each customer is fully isolated — separate keys, separate storage, separate audit logs. Tenant deletion removes all data including WAL entries.