Secure Data Handling in CI/CD Pipelines Using Homomorphic Encryption Techniques

Abstract

This study explores the use of homomorphic encryption (HE) in CI/CD pipelines to secure sensitive information during automated software delivery processes. Conventional encryption techniques such as AES, although efficient and common, involve decrypting data during processing, making it vulnerable to leaks. Partial homomorphic encryption (PHE), on the other hand, allows computations to be performed directly on encrypted data, maintaining confidentiality throughout execution. Through deployment and comparison of both encryption methods within a GitHub Actions-based pipeline on a mock banking dataset, the research identifies the performance-security trade-offs. AES showed better speed but no in-use data protection, while Paillier offered strong confidentiality at acceptable computational overhead. The results emphasize the possibility and usefulness of homomorphic encryption in contemporary DevOps environments, especially for companies that process regulated or sensitive data. The study concludes with practical advice on hybrid encryption use, safe key handling, performance improvement, and regular security auditing to construct more privacy-enhancing CI/CD pipelines.