Field-level encryption, HMAC blind indexes, and GDPR-compliant crypto-shredding. Declare which fields are personal data. Tayra handles the rest.
Full-disk encryption protects data at rest. TLS protects data in transit. But neither protects individual PII fields inside your database, event store, or message bus.
The right to erasure requires you to delete personal data on request. In event-sourced systems, you can't delete events, but you can shred the encryption key.
A database breach exposes everything. Field-level encryption means PII stays encrypted even if your database is compromised.
Events are immutable. You can't modify or delete them. Crypto-shredding lets you comply with GDPR while preserving your event history.
Annotate your model. Tayra encrypts, indexes, and shreds automatically.
services.AddTayra(opts =>
{
opts.LicenseKey = "...";
opts.Entity<Customer>(e =>
{
e.BlindIndex(c => c.Email)
.WithTransforms("lowercase", "trim");
});
}).UsePostgreSqlKeyStore(connectionString); public class Customer
{
[DataSubjectId]
public Guid Id { get; set; }
[PersonalData]
public string Name { get; set; }
[PersonalData(Replacement = "redacted@example.com"),
BlindIndex(Transforms = ["lowercase", "trim"])]
public string Email { get; set; }
// HMAC hash — auto-populated
public string? EmailIndex { get; set; }
} // Encrypt + compute blind indexes in one call
await fieldEncrypter.EncryptAsync(customer);
// Query encrypted data by blind index
var hash = await blindIndexer.ComputeHashAsync(
"alice@example.com", "EmailIndex",
typeof(Customer));
var match = await db.Customers
.Where(c => c.EmailIndex == hash).FirstAsync();
// GDPR erasure — delete the key, data is gone forever
await cryptoEngine.DeleteKeyAsync($"cust-{customer.Id}");
// Name → "", Email → "redacted@example.com" Four operations. One key per data subject. Full GDPR compliance.
Tayra scans your model for [PersonalData] attributes, generates a key per data subject, and encrypts each field with AES-256-GCM.
Search encrypted fields using HMAC blind indexes. Same transforms applied to the search value produce the same hash.
Fetch the key, decrypt every field, and return the original values. Transparent to your application code.
GDPR erasure request? Delete the key. The data becomes permanently unreadable. Replacement values are returned instead.
Field-level encryption, searchable blind indexes, GDPR compliance, key management, and framework integrations. All in one library.
Authenticated encryption with integrity guarantees and a versioned wire format.
Built-in support for the GDPR articles that matter most for data protection.
Annotate your models. Tayra discovers and encrypts PII fields automatically.
[PersonalData] mark fields for encryption[DataSubjectId] identify data owners[DeepPersonalData] encrypt nested objects[SerializedPersonalData] non-string typesStore encryption keys where your security policy requires. Bring your own with a simple interface.
HMAC-based blind indexes let you query encrypted fields without exposing plaintext.
Deep integrations across the entire .NET stack. Annotate once, protect everywhere.
Operational commands and compliance artifacts that make Tayra a platform, not just a library.
dotnet tayra verifyProduction monitoring, compile-time validation, and audit trail across the full lifecycle.
Use Tayra.Core standalone or with deep framework integrations.
Protect your data — encryption, shredding, and all integrations
One cohesive product, its services and deployment
Multiple products, services, and deployments across the organization
Prove you're protecting your data — audit, inventory, and regulatory reporting
One cohesive product, its services and deployment
Multiple products, services, and deployments across the organization
Tip: Running 1–3 product lines? Individual Single Product Line licenses are the best value. For 4 or more, the Multiple Product Lines license saves you more.
Founder, Radarleaf Technologies
Tayra is built and maintained by a maintainer of the JasperFx Critter Stack. Deep knowledge of Marten, Wolverine, Weasel, and the .NET ecosystem ensures first-class integration and long-term support.
The tayra is a tropical mustelid — agile, sharp, and fiercely protective. It fits right into the JasperFx Critter Stack family alongside Marten, Wolverine, and Weasel.
Just as the tayra guards its territory, this library guards your users' personal data.
Be the first to know when Tayra launches. Early access members get priority onboarding.