Encryption at rest
Redis Cloud databases write their data to disk whenever persistence is enabled.
On Google Cloud Platform (GCP) and Microsoft Azure, Redis Cloud deployments are always encrypted at rest.
For Amazon Web Services (AWS), Redis Cloud Flexible (and Annual) subscriptions can be encrypted at rest when you create the subscription.
Encryption at rest on AWS
When encrypted, persistent data is written to encrypted EBS volumes.
When Redis on Flash is enabled, the flash memory data is written to encrypted NVMe SSD volumes.
Encryption can only be enabled when a subscription is created.
Enable encryption when creating Flexible plans
To enable encryption when creating a Flexible plan on AWS:
-
Create a new AWS subscription.
-
In the Flexible plan section, select the Create button.
This takes you to the Create Custom Subscription screen:
-
Expand the Advanced Options and then verify that Persistent Storage Encryption is set to Yes.
When you create the subscription, all databases will be encrypted at rest.
Disk encryption on GCP
All data written to disk on GCP-based Redis Cloud deployments is encrypted by default. When deploying a Redis Cloud database on GCP, you don’t need to take any actions to enable this encryption.
To learn more, see the GCP encryption at rest documentation.
Disk encryption on Azure
All data written to disk on Azure-based Redis Cloud deployments is encrypted by default. When deploying a Redis Cloud database on Azure, you don’t need to take any actions to enable this encryption.
To learn more, see the Azure encryption at rest documentation.