Redis Cloud databases write their data to disk whenever persistence is enabled.

On Google Cloud Platform (GCP) and Microsoft Azure, Redis Cloud deployments are always encrypted at rest.

For Amazon Web Services (AWS), Redis Cloud Flexible (and Annual) subscriptions can be encrypted at rest when you create the subscription.

Encryption at rest on AWS

When encrypted, persistent data is written to encrypted EBS volumes.

When Redis on Flash is enabled, the flash memory data is written to encrypted NVMe SSD volumes.

Encryption can only be enabled when a subscription is created.

Enable encryption when creating Flexible plans

To enable encryption when creating a Flexible plan on AWS:

  1. Create a new AWS subscription.

  2. In the Flexible plan section, select the Create button.

    Create Flexible Plan

    This takes you to the Create Custom Subscription screen:

    Create Custom Subscription screen
  3. Expand the Advanced Options and then verify that Persistent Storage Encryption is set to Yes.

    Persistent Storage Encryption setting

When you create the subscription, all databases will be encrypted at rest.

Disk encryption on GCP

All data written to disk on GCP-based Redis Cloud deployments is encrypted by default. When deploying a Redis Cloud database on GCP, you don’t need to take any actions to enable this encryption.

To learn more, see the GCP encryption at rest documentation.

Disk encryption on Azure

All data written to disk on Azure-based Redis Cloud deployments is encrypted by default. When deploying a Redis Cloud database on Azure, you don’t need to take any actions to enable this encryption.

To learn more, see the Azure encryption at rest documentation.