Baffle for Lower Environments is specifically designed to copy and de-identify sensitive production databases into development, testing, and DevOps lower environments. Format Preserving Encryption (FPE) protects data while preserving the original data type, length, and format. This is critical for testing applications that rely on those traits as well as testing infrastructure for processing, storage, and bandwidth requirements.

Both source and target databases must be PostgreSQL (AWS EC2, RDS, or Aurora RDS).

Use AWS DMS (or native Postgres tools) for migration (one-time or continuous updates) and AWS KMS for key management. Baffle never has access to your data or encryption keys.

No corresponding token vault is required, eliminating the need to secure it or worry about related performance issues. The data can be restored later if desired or the encryption key can be destroyed there is no need to restore the data.

Baffle Manager is a web-based GUI to configure, manage, and audit Baffle Shield proxies. Baffle Manager for Lower Environments is free but must be used in conjunction with Baffle Shield for Postgres Duplication using Format Preserving Encryption