Skip to content

APIs for Ubiquitous Encryption

Cosmian’s Ubiquitous Encryption provides security and performance everywhere and at all times.

Cosmian provides developer APIs in libraries and server components so that developers and data engineers can quickly and transparently implement ubiquitous encryption: data is encrypted everywhere and at all times:

  • At rest and during searching using flexible, secure, modern cryptographic primitives that allow application-level encryption with data partitioning, encrypted indexes and search queries, public key encryption, post-quantum resistance, attributes rotation, etc. See Cloudproof Encryption

  • In use while being processed by a confidential microservice (also encrypted !) in the cloud. See Microservice Encryption

Cryptography implies managing keys, and Cosmian provides a Key Management System with a modern KMIP 2.1 interface. Cosmian KMS can be used as a complete key management solution or to complement an existing enterprise KMS.

Get started immediately !

Cosmian server-side components, most notably the Secure KMS and Cosmian enclaves, are also offered as freemium, so you can get immediately started with implementing privacy by default.

Sample developer code

These are sample pseudo-code workflows. Check the API in your chosen language for details.

Cloudproof Encryption

// Encrypt data with a public key and attributes
let cipher_text = encrypt(
    ["Department::Finance", "Confidentiality::Medium" ]

// Later - create a user decryption key with an access policy
let user_key = create_user_key(
    "(Department::Finance || Department::Marketing) && Confidentiality::TopSecret"

// The user key has an access policy that allows decrypting the data
let clear_text = decrypt(cipher_text, user_key)

Microservice Encryption

Read Microservice Encryption overview for complete guide.

# Create a computation
computation = computation_owner.create_computation(
    'computation name',
    data_providers_emails=['', '],

# encrypt and deploy some data
data_provider.upload_files(computation_uuid, symmetric_key, [path_1, path_2])

# encrypt and deploy a confidential algorithm
code_provider.upload(computation_uuid, symmetric_key, path)

# approve participants of the computation
computation_owner.approve_participants(computation.uuid, "Missing Signature")

# verify everything is secure finalize provisioning
data_provider.key_provisioning(computation_uuid, sealed_symmetric_key)

# when all the participants have done the key provisioning step,
# the computation on the Cosmian enclave automatically starts
result_consumer.key_provisioning(computation.uuid, sealed_symmetric_key)

# collect the encrypted results and decrypt them
encrypted_results = result_consumer.fetch_results(computation.uuid)
print(decrypt(encrypted_results, symmetric_key_ro))

Ready made Plugins

Ready-made plugins seamlessly integrate Cosmian technology with modern data platforms.


Cosmian Data Access nicely integrates with Spark using Parquet files.

    .filter((col("COUNTRY") === "FR") && (col("UNIT") !== "MKG"))
    .partitionBy("COUNTRY", "UNIT")
        "Country::France, Unit::Marketing"

See the cosmian_spark_crypto Github [repository]( for details and [this]( Github Repository for a complete working example.


If you use the Denodo platform, you do not even have to code! Cosmian and Denodo provide a ready-made plugin to securely encrypt your data: Please contact Denodo for details.


Cosmian big data encryption seamlessly integrates into the Saagie DataOps platform]( using the Cosmian Spark plugin.

Check this Github Repository for a working example in the Saagie Platform.

© Copyright 2018-2022 Cosmian. All rights reserved