
Data Encryption Policies

This page covers how Rockset encrypts and protects your data.

Data Encryption in Flight

Data in flight from customers to Rockset and from Rockset back to customers is encrypted with Transport Layer Security/Secure Sockets Layer (TLS/SSL), using certificates that are created and managed by AWS Certificate Manager. An AWS Application Load Balancer terminates SSL connections to our API endpoint.

Within Rockset’s Virtual Private Cloud (VPC), data is transmitted unencrypted between Rockset’s internal services. Unencrypted data will never be sent outside of Rockset’s VPC.

Data Encryption at Rest

Data is persisted in three places within Rockset:

  1. In a log buffer service on encrypted AWS EBS volumes. Rockset uses this log buffer as transient storage to independently scale data indexing (writes) and data serving (reads).
  2. On Rockset's servers, whose local solid-state drives are encrypted with dm-crypt. The configuration is based on this article.
  3. In AWS S3, where all stored objects are encrypted.

In all cases, the encryption keys are managed by AWS Key Management Service (KMS). The master keys never leave the KMS hardware, so they are never exposed to anyone, including Rockset.

SOC 2 Compliance

Rockset is a SOC 2 compliant company. We are proud to be SOC 2 Type II certified by the American Institute of Certified Public Accountants (AICPA) as a part of our ongoing commitment to protect customer data. To request a copy of our SOC 2 Type II audit report, please contact support@rockset.com.