When transferring data in and out of the cluster, we always use encryption. For data at rest, we use AES 256 keys managed in the AWS Key Management Service. For all data in transit using HTTPS (including HSTS), we use TLS v1.2.
When in motion, all external communication is strictly encrypted, typically via HTTPS for regular production operations. We use SSH encryption to encrypt external communication for some service and maintenance purposes.
Communication with the database is always encrypted. We use an audit log for all operations executed in the application.
Don’t see the answer you’re looking for? Visit our FAQ section for more.