Encryption
This section provides information about encryption and decryption used in Cortex.
Cortex Encryption
Encryption at rest:
- AWS (S3 and EBS-EKS): SSE-CKMS (Cloud Key Management Services)
- Azure (Blobstore and AKS): Azure Key Vault with KEK and DEK
- Google Cloud Platform (GCS and GKE): SSE-CMEK
Encryption in transit (inner-cluster service mesh): mTLS
Database / Backend Encryption
It is the responsibility of the customer to apply database level encryption either at the row or column level.
CognitiveScale recommends using a third-party vendor (e.g. Protegrity).