Getting Started

Overview

SafeKey Lab provides enterprise-grade privacy infrastructure that deploys directly in your cloud environment. Our unique Bring Your Own Cloud (BYOC) architecture ensures your sensitive data never leaves your infrastructure, giving you complete control over data residency and sovereignty.

🔒 Zero Trust Architecture

Your data never touches our servers. All processing happens within your cloud environment.

⚡ Sub-5ms Latency

Lightning-fast PII detection and redaction at any scale with minimal performance impact.

🛡️ Compliance Ready

Built-in support for GDPR, HIPAA, PCI DSS, and SOC2 compliance requirements.

🌍 Multi-Cloud Support

Deploy on AWS, Google Cloud, or Azure with consistent APIs across all platforms.

Quick Start Guide

1Create Your Account

Create Free Account

2Choose Your Cloud Provider

Select where you want to deploy SafeKey Lab:

aws cloudformation deploy \
  --template-url https://deploy.safekeylab.com/aws/latest.yaml \
  --stack-name safekeylab \
  --parameter-overrides OrgId=YOUR_ORG_ID

gcloud deployment-manager deployments create safekeylab \
  --config https://deploy.safekeylab.com/gcp/latest.yaml \
  --properties orgId:YOUR_ORG_ID

az deployment group create \
  --resource-group safekeylab-rg \
  --template-uri https://deploy.safekeylab.com/azure/latest.json \
  --parameters orgId=YOUR_ORG_ID

3Install the SDK

Choose your preferred programming language:

pip install safekeylab

npm install @safekeylab/sdk

go get github.com/safekeylab/sdk-go

<dependency>
    <groupId>com.safekeylab</groupId>
    <artifactId>safekeylab-sdk</artifactId>
    <version>1.0.0</version>
</dependency>

4Make Your First API Call

Start protecting sensitive data with a simple API call:

from safekeylab import SafeKeyClient # Initialize the client client = SafeKeyClient( api_key="YOUR_API_KEY", endpoint="https://api.your-region.safekeylab.internal" # Your private endpoint ) # Detect and redact PII text = "Contact John Doe at [email protected] or 555-123-4567" result = client.sanitize(text) print(result.sanitized_text) # Output: "Contact [PERSON] at [EMAIL] or [PHONE]" # Get detailed detection results for detection in result.detections: print(f"Found {detection.type} at position {detection.start}-{detection.end}")

Installation Methods

Docker Installation

Deploy SafeKey Lab using our official Docker images:

docker run -d \
  --name safekeylab \
  -e ORG_ID=YOUR_ORG_ID \
  -e API_KEY=YOUR_API_KEY \
  -p 8080:8080 \
  safekeylab/engine:latest

Kubernetes Installation

Deploy on Kubernetes using Helm:

helm repo add safekeylab https://charts.safekeylab.com
helm install safekeylab safekeylab/safekeylab \
  --set orgId=YOUR_ORG_ID \
  --set apiKey=YOUR_API_KEY

Terraform Module

Use our Terraform modules for infrastructure as code:

module "safekeylab" {
  source  = "safekeylab/safekeylab/aws"
  version = "1.0.0"

  org_id     = var.org_id
  api_key    = var.api_key
  vpc_id     = aws_vpc.main.id
  subnet_ids = aws_subnet.private[*].id
}

Authentication

SafeKey Lab uses API keys for authentication. Your API key is tied to your organization and deployment.

Note: API keys are scoped to your deployment and can only access resources within your cloud environment.

Getting Your API Key

Log in to your SafeKey Lab dashboard
Navigate to Settings → API Keys
Click "Generate New Key"
Store the key securely - it won't be shown again

Using API Keys

Include your API key in the Authorization header:

POST https://api.your-region.safekeylab.internal/v1/sanitize

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "text": "John Doe's SSN is 123-45-6789",
  "config": {
    "detect_types": ["SSN", "NAME"],
    "redaction_method": "mask"
  }
}

Your First API Call

Basic PII Detection

Detect and redact common PII types:

import safekeylab client = safekeylab.Client(api_key="YOUR_API_KEY") # Simple text sanitization result = client.sanitize("My email is [email protected]") print(result.text) # "My email is [EMAIL]" # With custom configuration result = client.sanitize( text="Call me at 555-0123", config={ "detect_types": ["PHONE", "EMAIL", "SSN"], "redaction_method": "hash", # or "mask", "synthetic", "encrypt" "format_preservation": True } )

Batch Processing

Process multiple documents efficiently:

documents = [ {"id": "doc1", "text": "Patient John Doe, SSN: 123-45-6789"}, {"id": "doc2", "text": "Contact: [email protected], Phone: 555-0123"} ] results = client.batch_sanitize(documents) for result in results: print(f"Document {result.id}: {result.sanitized_text}")

Streaming API

Process large volumes of data with streaming:

import safekeylab

# Stream data from a source
with client.stream() as stream:
    for record in data_source:
        sanitized = stream.process(record)
        # Process sanitized data immediately
        save_to_database(sanitized)

BYOC Architecture

SafeKey Lab's Bring Your Own Cloud architecture is designed for maximum security and control. Unlike traditional SaaS solutions, our infrastructure runs entirely within your cloud environment.

How It Works

Deployment: SafeKey Lab containers run in your VPC/VNet
Processing: All data processing happens locally
Control Plane: Only telemetry and configuration sync with SafeKey Lab
Data Plane: Your sensitive data never leaves your environment

Important: Ensure your deployment has sufficient resources. Minimum requirements: 4 vCPUs, 8GB RAM per instance.

Network Architecture

Private Endpoints

All API endpoints are private to your VPC/VNet. No public internet exposure.

VPC Peering

Connect SafeKey Lab to your existing infrastructure via VPC peering or PrivateLink.

Egress Control

Outbound connections only for telemetry and updates. All configurable and auditable.

Next Steps

Explore API Reference

Deep dive into all available endpoints and parameters

View API Docs →

SDK Documentation

Detailed guides for each programming language

Browse SDKs →

Best Practices

Learn optimization techniques and security guidelines

Read Guide →

Support

Get help from our engineering team

Contact Support →