Backpack Works logo
All policies
Version: 1.0Last updated: December 2025Owner: Security Lead

Encryption & Key Management Policy

1. Purpose

To define encryption standards that protect data in transit and at rest.

2. Standards

  • In transit: TLS 1.2 or higher for all external connections.
  • At rest: AES-256 or the managed encryption provided by our cloud platforms.
  • Devices: full-disk encryption on all company workstations.

3. Key & secret management

  • Secrets, API keys, and credentials are stored in a secrets manager (1Password) or cloud-native secret store.
  • Secrets are never committed to source control or stored in plaintext.
  • Keys and secrets are rotated on a defined schedule and upon suspected compromise.

4. Review

This policy is reviewed at least annually.