Skip to main content

Encrypted Communication

If the Polaris Secure Proxy is configured for encrypted HTTP requests and responses, it will decrypt all incoming requests before forwarding them to the workload and encrypt all outgoing responses before sending them back to the client.

Encrypted Requests

When the Polaris Secure Proxy receives an encrypted request, it expects the following structure:

  • Request URL: The URL of the target workload to which the proxy should forward the request. This should be encrypted using the Polaris SDK with the public key corresponding to the private key managed by the proxy. The encrypted URL should be stored in the proxy-url header.
  • Request Headers: The headers of the request should be encrypted and stored in the polaris-secure header.
  • Request Body: The body of the request should be encrypted and stored as a buffer in the body of the HTTP request.

The proxy will decrypt the URL, headers, and body before passing the request to the workload.

Encrypted Responses

If response encryption is required, the client must provide its public key in the polaris-response-public-key header of the request. The proxy will use the provided public key to encrypt the response and send it back to the client.

The Polaris Secure Proxy also supports streamed responses for scenarios where the response data is large or needs to be delivered incrementally, like for example streaming LLM responses.