This section covers Aptible's default managed encryption. For more information about encryption using AWS Key Management Service, see Custom Database Encryption.
Aptible automatically and transparently encrypts data at rest.
Database encryption uses eCryptfs, and the algorithm used is either AES-192, or AES-256.
You can determine whether your database uses AES-192 or AES-256 for disk encryption through the Dashboard.
New databases will systematically use AES-256
Aptible encrypts your data at the disk level. This means that, to rotate the key used to encrypt your data, all data needs to rewritten on disk using a new key. If you're not using Custom Database Encryption, you can do so by dumping the data from your database, then writing it to a new database, which will use a different key.
However, rotating keys this way will inevitably cause downtime while you dump and restore your data. This may take a very long time if you have a lot of data.
Therefore, if you need to conform to a strict key rotation schedule, we recommend implementing Application-Level Encryption.
Updated 4 months ago