Data encryption

Customers trust mabl with sensitive internal data. Mabl takes protecting this data seriously. This document provides an overview of mabl's security policies around data encryption.

Data in transit

All data coming into or out of the mabl system is transmitted using encrypted protocols, such as HTTPS. Mabl follows industry best practices on which TLS versions our endpoints support.

Internal data transmitted between services within the system also follows the same encryption practices. Any exception to this policy requires mitigating controls and explicit approval by mabl's Information Security & Technology Team.

Data at rest

All customer data stored in mabl is encrypted at rest, using industry standard best practices for key strength and key management. mabl uses three tiers of encryption keys:

  • All data stored at rest in Google Cloud is encrypted using Google managed encryption keys by default. Read more about Google Cloud's default encryption policies
  • Mabl encrypts any internal sensitive data or secrets using internal infrastructure encryption keys scoped to individual subsystems
  • For sensitive customer data, mabl generates a workspace specific symmetric encryption key in Google KMS. The workspace encryption key are used to encrypt the following, at a minimum:
    • All test input files used during a test run such as File Uploads and mobile app build files
    • All test artifacts collected during a test run such as screenshots, HAR logs and DOM snapshots
    • Sensitive metadata such as:
      • Credentials
      • Api keys
      • Link agent certificates
      • Environment variables
      • Custom HTTP headers

Key management and strength

Mabl's global and workspace level encryption keys are stored in Google Cloud KMS. The keys are generated by and stored in Cloud KMS as customer-managed encryption keys, managed by mabl. The keys cannot be exported from Google Cloud KMS.

All mabl-managed keys use AES256-GCM. More details can be found in the Cloud KMS documentation.

Customer keys can be rotated or deleted on request. Removal of keys or key versions may result in permanent loss of access to any data encrypted with them.


Mabl's Information Security and Technology Team regularly conducts internal audits of our security policies and practices, including key management. Mabl has completed a SOC II Type 2 attestation of our information security policies and practices.