02 — Enterprise Features

Features that make BitVault sellable to security/compliance-conscious organizations — and that are technically deep, not checkbox theater. Several reuse the flagship primitives (01).


E1 — BYOK / HYOK (customer-managed keys)

Let a customer bring their own KMS key (BYOK) or hold it in their own HSM so it never reaches us (HYOK) — BitVault encrypts with a key the customer controls and can revoke (a “kill switch” for their data).

   
Why it matters A hard requirement for regulated/enterprise buyers; “you can revoke our access to your data” is a powerful trust + sales lever.
Complexity L — multi-KMS abstraction, per-tenant key topology, revocation semantics, and the availability coupling to an external KMS.
Dependencies ADR-0014 (envelope), E2E §4, secrets (platform/09).
Resume impact High. Key hierarchies, multi-KMS, and revocation design = real security engineering.

E2 — Tamper-evident audit log (transparency log)

An append-only, cryptographically verifiable audit log: customers (and auditors) can prove no entries were removed or altered — Certificate-Transparency for your file activity.

flowchart LR
    classDef e fill:#fde68a,stroke:#b45309,color:#111827;
    classDef d fill:#bbf7d0,stroke:#15803d,color:#111827;
    ev["every action → audit entry"]:::e --> log["append-only Merkle tree log"]:::e
    log --> root["signed tree head (periodic, published)"]:::d
    root --> incl["inclusion proof: 'entry E is in the log'"]:::d
    root --> cons["consistency proof: 'log only grew, nothing edited'"]:::d
   
Why it matters Audit logs are only trustworthy if they can’t be quietly edited. Tamper-evidence is a compliance and forensics differentiator most products lack.
Complexity M–L — Merkle log + inclusion/consistency proofs + signed tree heads; the data structures are well-defined (RFC 6962).
Dependencies Event/audit pipeline (08), Merkle/BLAKE3 (storage/04).
Resume impact High. Verifiable log structures (à la Trillian/CT) are a recognizable, deep credential.

E3 — Data Loss Prevention (DLP)

Detect and act on sensitive content (PII, secrets, card numbers) on upload — classify, then enforce policy: block, quarantine, redact, or alert.

   
Why it matters A top enterprise ask; showcases the platform’s composability (three flagships solving one real problem).
Complexity M on top of Functions+policy (the primitives do the heavy lifting); classification accuracy is the long tail.
Dependencies Functions (06), policy (07), events (08).
Resume impact Medium-high. Demonstrates composing platform primitives into a governance capability.

E4 — Data residency & sovereignty

Guarantee (and prove) that a tenant’s data lives only in approved regions/jurisdictions.

   
Why it matters GDPR/sovereignty is a gating requirement for EU/regulated customers; provable residency beats claimed residency.
Complexity M — placement exists; the work is policy surface + conformance auditing + evidence.
Dependencies Placement (ADR-0020), policy (07).
Resume impact Medium-high. Compliance-by-construction + continuous verification is mature platform thinking.

E5 — SSO + SCIM provisioning

Enterprise IdP login (OIDC/SAML) plus SCIM for automated user/group lifecycle — joiners/movers/leavers provisioned and de-provisioned automatically.

   
Why it matters Table stakes for enterprise, but SCIM (auto-deprovisioning) is the part most clones skip — and a real integration challenge.
Complexity M — OIDC/SAML is M; SCIM 2.0 (the provisioning protocol + reconciliation) is the depth.
Dependencies Identity (ADR-0010).
Resume impact Medium. Recognizable enterprise-integration competence (SCIM especially).

Place litigation holds that freeze matching content (override retention/deletion), and search/export for discovery.

   
Why it matters Required in regulated/legal contexts; ties retention, WORM, search, and verifiability together.
Complexity M — mostly composition of existing retention/WORM/search primitives.
Dependencies Versioning/WORM (storage/07), search (ADR-0009), policy (07).
Resume impact Medium. Compliance-feature composition; less novel than E1/E2.

Priorities within enterprise

Build E1 (BYOK) and E2 (tamper-evident audit) first — highest depth + resume + differentiation. E4/E5 are high product value at moderate cost. E3/E6 fall out once the flagships exist.