
Encryption at Rest

AgentZero can encrypt sensitive data at rest using AES-256-GCM with Argon2id key derivation. This covers:

  • Audit logs — encrypted line-by-line (appendable without re-encrypting)
  • Session history — saved as .json.enc files
  • Secret vault — always encrypted per-secret

Encryption is enabled by default. When you start a chat, you’ll be prompted for a passphrase:

```sh
az chat
# Encryption passphrase: ********
# Audit logs and sessions will be encrypted.
```

To disable encryption, pass --no-encrypt.

Both the audit log and the conversation history are encrypted before they are written to disk; no plaintext copy of either is persisted.

Data             Location                                  Encrypted?
Audit events     .agentzero/audit/<id>.jsonl.enc           By default
Session history  .agentzero/sessions/<id>.json.enc         By default
Vault secrets    .agentzero/vault/<provider>/<name>.enc    Always

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key derivation: Argon2id (memory-hard, brute-force resistant)
  • Salt: Random 16 bytes per encryption
  • Nonce: Random 12 bytes per encryption
  • Format: salt(16) || nonce(12) || ciphertext || tag(16)

Each encryption uses a fresh random salt and nonce, so encrypting the same data twice produces different ciphertext.

Encrypted audit logs use per-line encryption. Each JSONL line is independently encrypted and base64-encoded. This means:

  • New events can be appended without decrypting the entire file
  • Individual events can be decrypted independently
  • The file remains a valid line-oriented format

The vault is always encrypted — there’s no plaintext mode. Each secret is stored as a separate .enc file under .agentzero/vault/<provider>/<name>.enc.

```sh
# Vault operations always require a passphrase
az vault add github token
# Vault passphrase: ********
# Secret value: ghp_...
```

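The container format described above, the per-line audit log, and the vault's per-secret .enc files all reduce to the same framing, so one worked example covers all three. The Python below is an added example, not AgentZero's own code: it implements salt(16) || nonce(12) || ciphertext || tag(16) with an Argon2id-derived AES-256-GCM key, appends base64 lines to an audit log, reads each line back independently, and shows what happens when one line is tampered with. The function names, the Argon2id cost parameters and the sample events are assumptions (the page does not publish AgentZero's parameters). It needs the `cryptography` package plus either `argon2-cffi` or a `cryptography` build with Argon2id support.

```python
"""Encrypted-blob container and per-line audit log in the layout this page
describes.  Added example, not AgentZero's code: function names, Argon2id
costs and sample events are assumptions."""
import base64
import json
import os
import secrets
import tempfile
from typing import Iterator

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN, NONCE_LEN, TAG_LEN, KEY_LEN = 16, 12, 16, 32
# Assumed Argon2id costs, kept modest so the example runs in seconds.
ARGON2_TIME, ARGON2_MEM_KIB, ARGON2_LANES = 2, 16 * 1024, 1

try:  # argon2-cffi, if installed ...
    from argon2.low_level import Type, hash_secret_raw

    def _argon2id(passphrase: bytes, salt: bytes) -> bytes:
        return hash_secret_raw(passphrase, salt, time_cost=ARGON2_TIME,
                               memory_cost=ARGON2_MEM_KIB, parallelism=ARGON2_LANES,
                               hash_len=KEY_LEN, type=Type.ID)
except ImportError:  # ... otherwise cryptography >= 44 (needs OpenSSL 3.2+)
    from cryptography.hazmat.primitives.kdf.argon2 import Argon2id

    def _argon2id(passphrase: bytes, salt: bytes) -> bytes:
        return Argon2id(salt=salt, length=KEY_LEN, iterations=ARGON2_TIME,
                        lanes=ARGON2_LANES, memory_cost=ARGON2_MEM_KIB).derive(passphrase)

def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Argon2id(passphrase, salt) -> 32-byte AES-256 key."""
    return _argon2id(passphrase.encode("utf-8"), salt)

def encrypt_blob(passphrase: str, plaintext: bytes) -> bytes:
    """salt(16) || nonce(12) || ciphertext || tag(16); fresh salt and nonce per call."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    key = derive_key(passphrase, salt)
    # AESGCM.encrypt returns ciphertext || tag, so the 16-byte tag is already last.
    return salt + nonce + AESGCM(key).encrypt(nonce, plaintext, None)

def decrypt_blob(passphrase: str, blob: bytes) -> bytes:
    """Parse the container and decrypt.  Raises InvalidTag if any byte of salt,
    nonce, ciphertext or tag was altered, or if the passphrase is wrong."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to hold salt, nonce and tag")
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    key = derive_key(passphrase, salt)
    return AESGCM(key).decrypt(nonce, blob[SALT_LEN + NONCE_LEN:], None)

def append_audit_event(path: str, passphrase: str, event: dict) -> None:
    """Encrypt one JSON event and append it as a base64 line.  Existing lines
    are neither read nor rewritten, which is what makes the log appendable."""
    line = json.dumps(event, separators=(",", ":")).encode("utf-8")
    with open(path, "ab") as f:
        f.write(base64.b64encode(encrypt_blob(passphrase, line)) + b"\n")

def read_audit_events(path: str, passphrase: str) -> Iterator[dict]:
    """Decrypt each line on its own.  A damaged line raises InvalidTag naming
    the line number; lines before it have already been yielded intact."""
    with open(path, "rb") as f:
        for lineno, raw in enumerate(f, 1):
            raw = raw.strip()
            if not raw:
                continue
            try:
                plain = decrypt_blob(passphrase, base64.b64decode(raw, validate=True))
            except InvalidTag:
                raise InvalidTag(f"audit line {lineno} failed authentication") from None
            yield json.loads(plain)

def demo() -> dict:
    """Write three events, read them back, then flip one ciphertext byte in
    line 2 and show that only that line is rejected."""
    passphrase = "correct horse battery staple"  # constructed, not a real secret
    events = [{"seq": i, "tool": "shell", "cmd": f"echo {i}"} for i in range(3)]  # constructed
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "audit.jsonl.enc")
        for ev in events:
            append_audit_event(path, passphrase, ev)
        recovered = list(read_audit_events(path, passphrase))
        with open(path, "rb") as f:
            lines = f.read().split(b"\n")
        blob = bytearray(base64.b64decode(lines[1]))
        blob[SALT_LEN + NONCE_LEN] ^= 0x01  # first ciphertext byte of line 2
        lines[1] = base64.b64encode(bytes(blob))
        with open(path, "wb") as f:
            f.write(b"\n".join(lines))
        survivors, failure = [], None
        try:
            for ev in read_audit_events(path, passphrase):
                survivors.append(ev)
        except InvalidTag as e:
            failure = str(e)
    return {"roundtrip": recovered == events, "before_tamper": len(survivors),
            "failure": failure}
```

One consequence of a per-encryption salt is visible in `read_audit_events`: every line costs a full Argon2id derivation to read, so the memory-hardness that slows an attacker's guesses slows the legitimate reader by the same factor, and cost parameters have to be chosen with audit-log length in mind. The upside is that each blob has its own key, so a repeated nonce across two blobs is harmless. The tamper step shows what authenticated encryption buys: one flipped ciphertext byte makes line 2 fail verification while line 1 is still returned intact.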
  • Passphrase strength matters — Argon2id resists brute force, but a weak passphrase is still weak
  • No key escrow — if you lose the passphrase, encrypted data is unrecoverable
  • Memory safety — ResolvedSecret values are zeroed on drop (best-effort; the runtime and allocator can still leave copies behind)
  • No plaintext residue — an encrypted file contains only salt, nonce, ciphertext and tag (base64-encoded per line for audit logs), never plaintext fragments alongside them