
Fireblaze Vault is a tokenization service, useful for the secure storage of sensitive data like PII, Credit Cards, Passports/IDs.


lfaoro/spark

🔥 Fireblaze Vault

Fireblaze Vault is a tokenization service that aims to be an open platform designed to protect your sensitive data and inherit a best-in-class security posture in order to fast-track certifications like PCI DSS, SOC2, HIPAA and others.

Fireblaze Vault helps with tokenization and secure storage of sensitive data, and digital assets like PII, Credit Cards, Passports/IDs, Credentials, and more.

BSD License FOSSA Status Go Report Card Contributor Covenant

Insights

  • vaulting of payment card data (avoid liability and being locked-in to a payment provider)
  • analytics on card scheme, brand, type, currency, banks
  • risk assessment based on geolocation, IP address, blacklists
  • 1-click payment solution, driving impulsive sales up by 55%, removing the barrier of card details re-entry
  • automated AML checks on passports/IDs
  • GDPR-compliant storage of personally identifiable information (PII)

Store a payment card

Request

# Request fields (JSON does not allow inline comments, so they are listed here):
#   holder               cardholder name
#   number               payment card number
#   exp_month, exp_year  expiry month and year
#   cvc                  MC (Card Verification Code), VISA (Card Verification Value)
#   auto_delete          "THREE_MONTHS" deletes this data in 3 months
curl -X POST \
  http://localhost:3000/v1/card \
  -H 'Content-Type: application/json' \
  -d '{
    "holder": "leonardo",
    "number": "4415281263901560",
    "exp_month": 1,
    "exp_year": 2022,
    "cvc": 123,
    "auto_delete": "THREE_MONTHS"
}'

Response

{
  "auto_delete_on": "2020-06-27T07:08:31.500606Z",
  "expires_on": "2022-02-01T00:00:00.000000001Z",
  "first_six": 466945,
  "hash": "ZmJpZC0xNDQzNjM1MzE3MzMxNzc2MTQ4V06Nh[...]",
  "last_four": 8424,
  "metadata": {
    "currency": "USD",
    "issuer": {
      "country": "United States of America",
      "country_code": "US",
      "latitude": 38,
      "longitude": -97,
      "map": "https://www.google.com/maps/search/?api=1&query=38,-97"
    },
    "scheme": "visa"
  },
  "mpi": {
    "acs": "https://secure5.arcot.com/acspage/cap?RID=35325&VAA=B",
    "eci": 2,
    "enrolled": true,
    "par": "eNpdU8tymzAU3ecrvMumYz1AgD2yZnDsTpMZ[...]"
  },
  "request_ip": "127.0.0.1",
  "risk": {
    "score": 30
  },
  "token": "tok_e4912b25-b8ef-4cf8-bb0d-449bcaf58e08",
  "user_agent": "grpc-go/1.25.1"
}

Tech stack

We use protobuf to serialize the data and gRPC to transport it. For compatibility we also support JSON serialization over HTTP transport via a reverse proxy, auto-generated thanks to grpc-gateway, which also generates the Swagger documentation, available at https://doc.fireblaze.io/card.

Sensitive data is encrypted at rest using AES-GCM. An HSM module generates the entropy for the encryption keys; to meet compliance, the HSM must be FIPS 140-2 Level 3 certified. Check the kms service for the GCP CloudKMS implementation. Feel free to extend the interface with other implementations, e.g. AWS CloudHSM.
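The AES-GCM encryption at rest described above, as an added example that is not code from the Fireblaze Vault repository: a card number is sealed with AES-256-GCM and its token is passed as additional authenticated data, so a ciphertext copied onto another token's record fails to decrypt. The function names, the token values, the fixed demo key and the choice of the token as AAD are assumptions made for illustration; in the service the key material would come from the KMS/HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealPAN (hypothetical name) returns nonce || ciphertext || tag for one card number.
func sealPAN(key []byte, token, pan string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(pan), []byte(token)), nil // token is the AAD
}

// openPAN (hypothetical name) fails unless key, token and every byte of blob match.
func openPAN(key []byte, token string, blob []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return "", fmt.Errorf("ciphertext too short")
	}
	pt, err := gcm.Open(nil, blob[:n], blob[n:], []byte(token))
	return string(pt), err
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key, never a real one
	blob, _ := sealPAN(key, "tok_demo-1", "4415281263901560")
	_, err := openPAN(key, "tok_demo-2", blob) // record swapped to another token
	fmt.Println("swap rejected:", err != nil)
}
```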

We like to think of data in graphs, leveraging ent as our entity framework, which supports PostgreSQL, MySQL, SQLite, Gremlin.

The infrastructure is designed around Kubernetes with the goal of passing PCI-DSS Level 1 compliance.

The pipelines run on our self-hosted GitLab. Feel free to request access; you can sign in with your GitHub account.

Fireblaze Vault is currently in MVP status. We're proud to solve this challenge and excited to share it with the community.

Technical features

  • compliant tokenization of digital assets
  • payment card validation with regex and Luhn check
  • payment card metadata retrieval
  • payment card risk probability
