Encrypt and Protect Data on StreamNative Cloud
This section describes how StreamNative Cloud encrypts and protects your data. This includes securing data at rest, in transit, and in use, to help ensure that your sensitive information is safeguarded against unauthorized access.
Encrypt data at rest
StreamNative Cloud automatically encrypts all data at rest across all clusters using the encrypted storage volumes provided by your cloud provider. This ensures your data is protected when stored on disk.
For BYOC Pro clusters, you can also use your own encryption keys through customer-managed encryption keys (BYOK, Bring Your Own Key). This gives you full control over the encryption keys used to protect your data. BYOK must be configured during cluster provisioning and is currently available only for BYOC Pro clusters. To enable BYOK for your BYOC Pro cluster, contact StreamNative Support before provisioning your cluster.
End-to-end data encryption
Applications using the Pulsar protocol can leverage Pulsar's end-to-end encryption (E2EE) to encrypt messages on the producer side and decrypt them on the consumer side. This encryption uses public and private key pairs configured by your application to perform the encryption and decryption. Since these operations happen within the application itself, the data remains encrypted while passing through the broker and can only be decrypted by authorized consumers with the correct keys. This ensures your data remains protected even if the broker is compromised, and StreamNative has no access to the encrypted content.
For more information, see End-to-end encryption.