This page covers how Rockset encrypts and protects your data. For information on how to submit your own encryption key, check out our documentation on [Customer Managed Encryption Keys](🔗).

## Encryption in Transit

Rockset encrypts all data-in-transit between customers and Rockset's AWS environment. Rockset requires a minimum of TLS v1.2 for all ingress to and egress from Rockset.

## Encryption at Rest

Rockset encrypts all data-at-rest by default using AES-256.