Secure Data Vault

The secure vault is the logical container where your credentials and derived attestations are stored. This overview describes the cryptographic and operational controls modeled by Digital Canada. Figures such as encryption algorithms and audit dates are illustrative unless tied to a certified production system.

Technical controls

Encryption at rest: AES-256-GCM. Key management: HSM-backed tenant keys. Minimum TLS version: 1.2. HTTP Strict Transport Security: Enabled. Last penetration test (simulated): 2026-02-28. Portal build: 4.19.2.

Assurance badges (simulated)

Real programs publish independent audit reports under non-disclosure agreements. The list below is illustrative.

SOC2 Type II (simulated)

ISO 27001 aligned (simulated)

Operational security

Security operations teams monitor authentication anomalies, certificate expiry, and dependency vulnerabilities. Incident response playbooks cover breach notification, forensic preservation, and coordinated disclosure with affected users. You can reduce personal risk by enabling 2FA, using unique passwords, and reviewing active sessions regularly.

Data residency

Data is labeled with region ca-central-1. Production workloads may be restricted to Canadian regions or sovereign cloud enclaves depending on program requirements.

Security settings Privacy

Secure vault — encryption, keys, and auditing

Production vaults use approved algorithms (e.g., AES-256-GCM), hardware security modules, and key rotation—classroom XOR demos are not substitutes.

Audit trails should be append-only with tamper evidence; here they are PHP arrays for illustration only.

Recovery keys and split knowledge (M-of-N) protect against single-admin compromise.

Link two-factor authentication when explaining who may decrypt after authentication.

This site is an unofficial interface and is not affiliated with the Government of Canada.

Secure channel · Build 4.19.2 · production-sim