Database Encryption

This section covers Aptible Deploy's default managed encryption. For more information about encryption using AWS Key Management Service, see Custom Database Encryption.

Aptible Deploy automatically and transparently encrypts data at rest.

Database encryption uses eCryptfs, and the algorithm used is either AES-192, or AES-256.

πŸ“˜

Tip

You can determine whether your database uses AES-192 or AES-256 for disk encryption through the Dashboard.

New databases will systematically use AES-256

Key Rotation

Aptible Deploy encrypts your data at the disk level. This means that, to rotate the key used to encrypt your data, all data needs to rewritten on disk using a new key. If you're not using Custom Database Encryption, you can do so by dumping the data from your database, then writing it to a new database, which will use a different key.

However, rotating keys this way will inevitably cause downtime while you dump and restore your data. This may take a very long time if you have a lot of data.

Therefore, if you need to conform to a strict key rotation schedule, we recommend implementing Application-Level Encryption.


Did this page help you?