Encryption

Encryption is always on. Convox uses an AWS KMS key to encrypt all Rack-managed secrets regardless of this parameter's value.

| Default value | Yes | | Allowed values | Yes, No |

Note: This parameter is retained for backward compatibility with existing CloudFormation stacks, but the ability to disable encryption has been removed. The KMS key is always created and secrets are always encrypted. Setting this parameter to No has no effect.

Use Cases

No action needed. KMS encryption of Rack secrets is always active.
This parameter exists in the CloudFormation template for backward compatibility and cannot be removed without breaking existing stack updates.

Additional Information

Convox uses an AWS KMS key to encrypt sensitive data such as environment variables, resource connection strings, and other secrets managed by the Rack. The KMS key is unconditionally created and used for all secret encryption operations. This ensures that secrets are always encrypted at rest in the backing DynamoDB table.

KMS usage incurs a small cost per API call. For most Racks, this cost is negligible.

$ convox rack params set Encryption=Yes

See Also

EncryptEbs
EnableSharedEFSVolumeEncryption
DynamoDbTableDeletionProtectionEnabled
Rack Parameters for a full list of available parameters

Encryption

Encryption is always on. Convox uses an AWS KMS key to encrypt all Rack-managed secrets regardless of this parameter's value.

| Default value | Yes | | Allowed values | Yes, No |

Note: This parameter is retained for backward compatibility with existing CloudFormation stacks, but the ability to disable encryption has been removed. The KMS key is always created and secrets are always encrypted. Setting this parameter to No has no effect.

Use Cases

No action needed. KMS encryption of Rack secrets is always active.
This parameter exists in the CloudFormation template for backward compatibility and cannot be removed without breaking existing stack updates.

Additional Information

Convox uses an AWS KMS key to encrypt sensitive data such as environment variables, resource connection strings, and other secrets managed by the Rack. The KMS key is unconditionally created and used for all secret encryption operations. This ensures that secrets are always encrypted at rest in the backing DynamoDB table.

KMS usage incurs a small cost per API call. For most Racks, this cost is negligible.

$ convox rack params set Encryption=Yes

See Also

EncryptEbs
EnableSharedEFSVolumeEncryption
DynamoDbTableDeletionProtectionEnabled
Rack Parameters for a full list of available parameters

Find

Home Product Pricing Enterprise Blog Documentation

Follow

LinkedIn X GitHub

Chat

sales@convox.com

© Convox 2024 / A Curious Company

Privacy Policy Terms of Use