hivellm · andrehrferreira · Dec 11, 2025 · Dec 10, 2025 · Dec 11, 2025 · Dec 11, 2025
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ubuntu-latest, windows-latest]
 
     steps:
       - name: Install minimal stable
@@ -42,8 +42,6 @@ jobs:
           if [[ "${{ matrix.os }}" == "ubuntu-latest" ]]; then
             sudo apt-get update
             sudo apt-get install -y protobuf-compiler
-          elif [[ "${{ matrix.os }}" == "macos-latest" ]]; then
-            brew install protobuf
           elif [[ "${{ matrix.os }}" == "windows-latest" ]]; then
             choco install protoc
           fi

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,25 @@
 
 All notable changes to this project will be documented in this file.
 
+## [2.1.0] - 2024-12-10
+
+### Added
+- **ECC-AES Payload Encryption**: Optional end-to-end encryption for vector payloads
+  - ECC-P256 (NIST P-256) elliptic curve cryptography
+  - AES-256-GCM authenticated encryption
+  - ECDH key exchange for secure key derivation
+  - Zero-knowledge architecture - server never has decryption keys
+  - Support for multiple key formats (PEM, Base64, Hexadecimal)
+  - Optional `public_key` parameter on all insert/upsert endpoints:
+    - REST API: `/insert_text`, `/files/upload`
+    - Qdrant-compatible: `/collections/{name}/points`
+    - MCP tools: `insert_text`, `update_vector`
+    - GraphQL: `upsertVector`, `upsertVectors`, `updatePayload`, `uploadFile`
+  - Collection-level encryption policies (optional, required, mixed)
+  - Comprehensive test coverage (32 tests: 26 REST + 6 GraphQL)
+  - Full SDK support across all 6 official SDKs
+  - Complete documentation in `docs/features/encryption/`
+
 ## [2.0.3] - 2025-12-08
 
 ### Fixed

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "vectorizer"
-version = "2.0.3"
+version = "2.1.0"
 edition = "2024"
 authors = ["HiveLLM Contributors"]
 description = "High-performance, in-memory vector database written in Rust"
@@ -103,6 +103,8 @@ hmac = "0.12"           # HMAC for request signing
 base64 = "0.22"         # Base64 encoding for signing secrets
 bcrypt = "0.17"
 aes-gcm = "0.10"  # AES-GCM encryption for auth persistence
+p256 = { version = "0.13", features = ["ecdh", "pem"] }  # ECC for payload encryption
+hex = "0.4"  # Hex encoding/decoding for public keys
 lazy_static = "1.4"
 tower_governor = "0.8"  # Rate limiting middleware
 governor = "0.10.2"       # Rate limiting core

diff --git a/Dockerfile b/Dockerfile
@@ -242,6 +242,7 @@ ARG GIT_COMMIT_ID
 COPY --from=builder /vectorizer/vectorizer /vectorizer/vectorizer
 COPY --from=builder /vectorizer/vectorizer.spdx.json /vectorizer/vectorizer.spdx.json
 COPY --from=dashboard-builder /dashboard/dist /vectorizer/dashboard/dist
+COPY --from=builder /vectorizer/config.example.yml /vectorizer/config.yml
 
 WORKDIR /vectorizer
 

diff --git a/README.md b/README.md
@@ -63,6 +63,17 @@ A high-performance vector database and search engine built in Rust, designed for
 - **🔗 n8n Integration**: Official n8n community node for no-code workflow automation (400+ node integrations)
 - **🎨 Langflow Integration**: LangChain-compatible components for visual LLM app building
 - **🔒 Security**: JWT + API Key authentication with RBAC
+- **🔐 Payload Encryption**: Optional ECC-P256 + AES-256-GCM payload encryption with zero-knowledge architecture ([docs](docs/features/encryption/README.md))
+
+## 🎉 Latest Release: v2.1.0 - Payload Encryption
+
+**New in v2.1.0:**
+- Added optional ECC-AES payload encryption with zero-knowledge architecture
+- ECC-P256 + AES-256-GCM for end-to-end encrypted vector payloads
+- Collection-level encryption policies (optional, required, mixed)
+- Full support across all APIs (REST, GraphQL, MCP, Qdrant-compatible)
+- Complete SDK support for all 6 official SDKs
+- See [encryption documentation](docs/features/encryption/README.md) for details
 
 ## 🚀 Quick Start
 

diff --git a/benchmark/grpc/benchmark_grpc_vs_rest.rs b/benchmark/grpc/benchmark_grpc_vs_rest.rs
@@ -312,6 +312,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         normalization: None,
         storage_type: None,
         graph: None, // Graph disabled for benchmarks
+        encryption: None,
     };
     rest_store
         .create_collection(rest_collection, rest_config)
@@ -333,6 +334,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         normalization: None,
         storage_type: None,
         graph: None, // Graph disabled for benchmarks
+        encryption: None,
     };
     grpc_store
         .create_collection(grpc_collection, grpc_config)