Remora Backup is pleased to announce the availability of a new feature that allows our customers to provide their own encryption key for their backups.

Remora Backup launched two years ago as a managed, encrypted, offsite backup service for your Heroku Postgres databases. As part of this managed service, we provide and maintain the encryption keys for you. These encryption keys are generated using a service backed by Hardware Security Modules, and stored securely until needed.

While having us manage the key works for a majority of customers, there are some who need the additional layer of security afforded by utilizing an encryption key they provide themselves that we have no access to.  We are now pleased to offer this feature for our customers on the Whale Shark plan.

Providing your own encryption key means that Remora Backup will not have any access to decrypt your Heroku Postgres backups. Many companies require this for compliance or additional security reasons, and we think we’ve designed a feature that keeps the simplicity of our backup process while providing an extra level of data security.

In conjunction with this new feature release, we also recently undertook an independent, third party code review. If your company is interested in using Remora Backup’s ‘provide your own encryption key’ functionality, and would like to discuss the results of this code review, please get in touch with us.

Finally, you can see the details of how this new functionality works in our Dev Center article.