Virtru Developer Experience
Build Data-Centric Security Into Mission Applications
The Virtru Data Security Platform provides everything partners and developers need to extend attribute-based access control (ABAC) into custom applications, data pipelines, and agentic AI workflows: SDKs, secure data connectors, low-code processors, and comprehensive documentation — start building today. Protection travels with every data object you encrypt, enforcing access policy in real time regardless of where the data moves. Revoke access instantly, audit every open, and update policy without re-encrypting: governance doesn't end when data leaves your network.
Built on OpenTDF, Ready for the Mission
OpenTDF is the open standard for data-centric security. The Virtru Data Security Platform extends it with everything required for enterprise and mission environments — from air-gapped enclaves to coalition operations and cross-domain exchange. That includes multi-format TDF support – IC-TDF, ZTDF(ACP-240), automated tagging, and hardened policy and key access services. Protection travels with the data, wherever it goes.
The platform is pre-wired to the systems on which your Attribute-Based Access Control (ABAC) decisions depend. DSPM, DLP, and classification platforms feed data attributes into the Tagging Service. IdPs and ICAM systems supply subject entitlements for both human and machine identities. HSMs, cloud KMS, and S3-compatible storage plug in at the infrastructure layer. You build the mission application; the ecosystem is already connected.
Weighing the open standard against the enterprise platform?
Developer Tools
Embed data-centric security directly into your applications. The Virtru SDKs enable you to create and read TDF-protected objects, bind ABAC policies to data at encryption time, and integrate with the platform's tagging and policy services.
Core Capabilities (All Languages)
- Connect to the Data Security Platform and authenticate via OIDC
- Create TDF files — encrypt data with attributes that define access policy
- Read TDF files — decrypt based on the requesting entity's entitlements
- Integrate with the Tagging Service for automated classification
Go SDK
JavaScript SDK
Apache NiFi Processors: Extend data-centric security into your data workflows without writing code. Virtru's custom Apache NiFi processors enable data engineers, analysts, and IT teams to embed TDF protection directly into ETL pipelines and data movement workflows. Ideal for organizations that need to secure data flows between systems without modifying source or destination applications. View OpenTDF NiFi Processors Documentation on Maven Central Repository.
Capabilities
- Encrypt on ingest: Automatically wrap incoming data in TDF as it enters your environment
- Decrypt for processing: Securely unwrap data for authorized analytics workflows
- Policy-driven routing: Route data based on classification attributes and access policies
- Tag extraction: Read and act on STANAG, IC-EDH, or custom classification metadata
Secure Data Connectors
Secure data connectors help integrate your existing applications, data stores, and AI pipelines with the Virtru Data Security Platform by facilitating data ingestion without requiring any changes to your application code.
Automate Policy and Access Control for Shared Data
Sitting transparently between your applications and data sources, Secure Data Connectors serve as both the ingestion and enforcement layers: onboarding data into the platform while applying ABAC policies at the data layer from the moment of ingestion, so protection travels with the data from first touch onward.
Object Connector
Protection for any S3-compatible storage without changing your applications. Enforce Zero Trust at the storage layer.
- Works with what you have: AWS S3, Google Cloud Storage, MinIO, Cloudflare R2—zero code changes
- Automatic visibility trimming: ABAC policies are enforced across all S3 operations (GET, LIST, PUT, HEAD)
- Encryption on autopilot: Objects encrypt and decrypt based on policy, no manual steps
- Invisible to applications: Your tools interact with storage normally while the connector enforces access controls underneath
Query Connector
Apply Attribute-Based Access Control (ABAC) policies to every SQL query, ensuring that data teams and AI pipelines receive only the data they are authorized to view.
- Drop-in for existing Trino: No query rewrites, no application changes
- Row-level and column-level protection: Policy-driven enforcement at query execution, not just table access
- One policy layer across all sources: Consistent enforcement regardless of backend storage
- Invisible to data teams: Queries run normally; policies and audit logging happen underneath
Vector Connector
Enforce Zero Trust and apply Attribute-Based Access Control (ABAC) policies directly to the embedding layer. This ensures that authorization is enforced for every similarity search, granting RAG pipelines and AI applications access only to the exact documents they are authorized to retrieve.
- Drop-in for existing pgvector: Native PostgreSQL operations, standard indexes, no custom database modifications
- Privacy-preserving similarity search: SimHash transforms embeddings so source content can't be reverse-engineered, with 90%+ recall maintained
- Row-level protection, policy-driven: Users only retrieve documents matching their attributes
- LangChain-compatible: Standard interfaces mean minimal code changes to integrate secure vector search into existing RAG applications
- Encryption travels with the data: TDF-protected document chunks stay cryptographically secured even if the database is compromised
Partner Integration Paths
The Virtru Data Security Platform is designed for extensibility. Whether you're building policy enforcement points for mission applications, integrating upstream data classification, connecting identity systems, or connecting into critical infrastructure, we provide the APIs, documentation, and support to make it straightforward.
Building policy enforcement points for mission applications. You're delivering secure solutions to government, defense, and enterprise customers — either as a systems integrator building custom PEPs against a specific customer mission, or as an ISV embedding TDF protection into a product you ship. Either way, the Platform provides backend services (key access, policy decision, attribute management) so your team doesn't have to rebuild the policy decision layer. You focus on the application; the platform handles the cryptography and policy portability underneath.
Integration Points
- SDKs: Go, Java, and JavaScript libraries for creating and reading TDF objects
- Policy Service API: Programmatic access to attribute definitions and policy decisions
- Key Access Service: OIDC-authenticated key release tied to ABAC entitlements
- Deployment flexibility: SaaS, self-managed, air-gapped, and cross-domain options
Providing upstream data discovery and tagging. Your platform discovers, classifies, and tags sensitive data across customer environments. The Data Security Platform consumes those attributes to deliver data-layer enforcement with real-time ABAC, so your classification work translates directly into enforcement, regardless of where the data travels.
Integration Points
- Tagging Service API: Feed classification metadata into the platform for automatic policy mapping
- Attribute definitions: Map your classification taxonomy to platform attribute definitions
- Bidirectional sync: Query the platform for protection status to enrich your discovery data
Providing entitlement attributes for access decisions. ABAC access decisions depend on knowing who is requesting access and what entitlements they hold. Your identity platform provides the subject attributes — roles, clearances, organizational affiliations, and more — that the platform evaluates against data policies. Support extends to both human and non-human identities, including service accounts and AI agents.
Integration Points
- OIDC / OAuth 2.0: Standard token-based integration with any compliant provider
- Attribute mapping: Map identity claims to Platform entitlements
- Entity resolution: Human, service account, and AI agent identities
Resources
Extending the Platform across the infrastructure stack. Infrastructure partners provide the foundational layers on which the Data Security Platform leverages — hardware security modules, storage, cross-domain solutions, and more. Integrations range in scope from protocol compatibility to co-engineering, depending on what the partner's platform requires and the customer's needs.
Where We Partner
- Hardware security modules (HSMs) — Vendor-specific deep integrations come through joint engineering, so the platform takes full advantage of the HSM's native capabilities. PKCS#11 is the baseline interface for broad compatibility.
- Storage — Storage platforms integrate with the platform's ingestion and enforcement layer. Protocol coverage expands as the roadmap and partnerships evolve.
- Cross-domain solutions (CDS) — Joint engineering enables policy-governed data movement across classification boundaries. CDS integrations are in production today, with additional partnerships under development.
For the current list of production infrastructure integrations, see the Partner Directory or Architecture Guide.
If you're a cloud or infrastructure provider: If you’re not listed in our directory, let’s start the conversation.
Get Started
- Read the docs: Start with the Developer Documentation to understand platform concepts and integration patterns.
- Explore the repo: Contact our team to learn more about our SDKs, sample code, and deployment examples, or view the open-source OpenTDF repo on GitHub.
- Run the quickstart: Follow our getting started guide to stand up a local development environment and encrypt your first TDF object.
- Become a partner: Building a product or integration? Join our partner program for dedicated support, co-marketing opportunities, and early access to new capabilities.
Contact our Partner Team to get started.
Additional Developer Resources
-
Developer Documentation: Getting started guides, API reference, integration patterns
-
Architecture Overview: Platform components, data flows, deployment models
-
API Reference: REST APIs for policy, attributes, key access, and tagging services
-
Deployment Guide: Self-managed, hybrid, and SaaS deployment options
-
Postman Collection: Pre-built API requests for rapid prototyping
-
Sample Applications: Reference implementations demonstrating common patterns
- CLI Tools: Command-line utilities for development and testing
-
GitHub Discussions: Ask questions, share solutions, report issues
-
Partner Support: Dedicated technical support for technology partners
Learn More about the Virtru Platform
Connect with our team to discover the power of the Trusted Data Format and OpenTDF.
6,100 CUSTOMERS TRUST VIRTRU FOR DATA SECURITY AND PRIVACY PROTECTION.
