Bring Your Own Key
Encryption is a widely accepted mechanism to secure data against breaches. By default, DataStax Astra DB encrypts data, and cloud providers such as AWS and Google Cloud offer encryption solutions. However, you may want to further limit data access, because cloud providers have access to the keys and ultimately to the data.
To address this security concern, Astra DB allows you to associate a Customer Managed Key (one per region) that you defined in the cloud provider’s Key Management Service with a Customer Key that you create in Astra DB.
We call this organization-scoped Astra DB feature Bring Your Own Key (BYOK).
This BYOK feature:
For related details, see the Customer Keys API reference.