Client-side encryption

The JSON representation of your workspace is stored on our servers using AES encryption with a 128-bit key, a random salt and a server-side passphrase. For additional peace of mind, if you're a paid plan customer, you can choose to encrypt your workspace with your own passphrase on the client before uploading it to Structurizr.

In order to view a client-side encrypted workspace, you will be asked to enter your passphrase when you open the workspace in your web browser. The passphrase is then used to decrypt the workspace in your web browser. At no point does the passphrase leave your computer. Here is an example of a client-side encrypted workspace (the passphrase is password).

Passphrase prompt

For increased usability, and to prevent you from needing to enter the passphrase every time the workspace is opened, you can opt to save the passphrase in your web browser's local storage. This is stored as plaintext, so should only be used if you don't share your browser profile.

Creating client-side encrypted workspaces

See Client-side encryption in Java or Client-side encryption in .NET for details of how to create client-side encrypted workspaces.