Encrypted Analytics

Skyflow can run analytics operations on your data while it remains encrypted, ensuring the highest level of privacy and security. By the end of this guide, you will have:

  • Made a SQL query over encrypted data from Skyflow Studio
  • Made a SQL query over encrypted data via the API

Before you begin

  1. Make sure you have created a vault. See Create a Vault for more details.
  2. Make sure you have created and authenticated an API service account. See Create a Service Account for more details.

Running encrypted analytics operations

Skyflow keeps your data encrypted, even when computing analytics operations. To preserve data privacy, certain types of operations are not allowed depending on how sensitive the underlying data is. For instance, the ‘exact match’ operation is not allowed on the ‘Date of Birth’ field. To learn more about which operations are allowed on which fields, see Privacy Data Types.

You can perform encrypted analytics operations in one of the following ways:

  1. Using Skyflow Studio
  2. Using Skyflow APIs

Using Skyflow Studio

To use the Skyflow Studio to perform analytics operations:

  1. Go to the Vault Browser.
  2. Click Blocks on the left. The SQL Queries tab expands.
  3. Enter an SQL query. You can use one of the saved queries or write your own query.
  4. Click Run.

Remember, not all operations are allowed on all types of data. See Privacy Data Types for more information.

Using Skyflow APIs

You can also execute SQL queries via the query endpoint in the API. To use the query endpoint, you’ll need to supply the following parameters:

Parameter Type Description
URL path (string) The URL to access your Skyflow APIs.

It will be in this format: https://{org-name}.{account-name}.vault.skyflowapis.com
VAULT_ID path (string) The ID of the vault where the customer details are stored.
QUERY body (JSON) The query that you would like to execute.

The following sample request returns all the values in the ‘marital_status’ field of the Persons table via a SQL query:

curl 'https://{URL}/v1/vaults/{vaultID}/query' \
-X POST \
-H 'accept: application/json, text/plain, */*' \
-H 'content-type: application/json' \
-H 'authorization: Bearer <Token>' \
--data-binary '{"query":"select marital_status from persons;"}'

The response for such a request would return the ‘marital_status’ field for each record in the table (limited to 3 records in the example):

{
   "records": [
       {
           "fields": {
               "marital_status": "UNMARRIED"
           }
       },
       {
           "fields": {
               "marital_status": "DOMESTIC_PARTNER"
           }
       },
       {
           "fields": {
               "martial_status": "ANNULLED"
           }
       }
}