This page covers how Rockset encrypts and protects your data. For information on how to submit your own encryption key, check out our documentation on [Customer Managed Encryption Keys](🔗).
## Encryption in Transit
Rockset encrypts all data-in-transit between customers and Rockset's AWS environment. Rockset requires a minimum of TLS v1.2 for all ingress to and egress from Rockset.
## Encryption at Rest
Rockset encrypts all data-at-rest by default using AES-256.