fitgap

Acra

Pricing from: $10,000 per year
Free trial: unavailable
Free version
User corporate size: Small, Medium, Large
User industry: -

What is Acra

Acra is an application-layer database security product that encrypts and tokenizes sensitive fields before they are written to a database, and decrypts them only for authorized services. It targets engineering and security teams that need to protect regulated data in existing SQL/NoSQL databases without relying solely on database-native encryption. Acra typically uses a proxy/sidecar approach and client libraries to provide transparent “encrypt-in-app, store-encrypted” workflows, with support for key management integrations and access controls around decryption.

Pros

Application-layer field encryption

Acra encrypts or tokenizes specific fields at the application boundary, so the database stores ciphertext rather than plaintext. This reduces exposure from database dumps, snapshots, and many forms of direct database access. It also helps teams keep encryption logic consistent across multiple databases and services. The approach aligns with common compliance needs where limiting plaintext persistence is required.

Proxy/sidecar deployment options

Acra commonly deploys as a database proxy/sidecar that mediates connections and applies encryption/decryption policies. This can reduce the amount of application code that must change compared with embedding encryption everywhere. It also supports centralized policy enforcement for multiple services connecting to the same datastore. Teams can incrementally roll out protection per service or per table/field.

Integrates with key management

Acra is designed to work with external key management systems and can separate key custody from data storage. This supports operational controls such as key rotation and limiting which services can decrypt. It can also fit environments where security teams require centralized key governance. The model is useful when multiple applications share the same sensitive datasets.

Cons

Engineering integration required

Because Acra protects data at the application layer, teams typically need to integrate client components, adjust connection paths, and validate query behavior. Some workloads may require schema or query changes when searching/sorting on protected fields. Testing effort can be significant for complex applications and microservice environments. This is more involved than enabling database-native encryption at rest.

Limited analytics on ciphertext

Field-level encryption and tokenization can restrict downstream analytics, indexing, and ad-hoc querying on protected columns. Deterministic modes can enable equality matching but may introduce trade-offs in leakage and functionality. Teams often need separate pipelines or controlled decryption for reporting and data science. This can complicate data warehouse and BI use cases.

Operational overhead and latency

Running proxies/sidecars and performing cryptographic operations adds operational components to monitor and scale. Misconfiguration can lead to availability issues (e.g., connection routing, certificate/key distribution). Encryption/decryption can add latency, especially for high-throughput transactional systems. Capacity planning and observability become important parts of production rollout.

Plan & Pricing

Plan: Acra Community Edition (CE)
Price: FREE (Apache 2 license, free forever)
Key features & notes: Encryption and masking; SQL request firewall; Basic intrusion detection; Single configuration policy. Best for prototyping and small-scale projects.

Plan: Acra Enterprise Edition (EE)
Price: Starting at $10,000 per year (annual)
Key features & notes: Full spectrum of premium features for large-scale/enterprise deployments; various support tiers; DevOps / SRE tooling; Policy management. Pricing depends on number of deployments and features requested; contact sales.

Plan: Acra bespoke solution
Price: Custom pricing (contact sales)
Key features & notes: Fully customized solution built around Acra EE: customized masks & protocols, custom behavior, use-case-specific features, engineering & architecture support.

Additional official offerings/notes:

  • Free evaluation playground: Cossack Labs will deploy a free playground that runs Acra Enterprise Edition (example DB + client app) for popular use cases — request through vendor.
  • Paid PoC: vendor offers paid proof-of-concept engagement for custom deployments.

Seller details

Cossack Labs
2014
Private
https://www.cossacklabs.com/
https://x.com/cossacklabs
https://www.linkedin.com/company/cossack-labs/

Tools by Cossack Labs

Acra
Themis
