Skip to main content
NetApp Solutions

Data encryption at rest

Contributors kevin-hoke

All volumes in Google Cloud NetApp Volumes are encrypted-at-rest using AES-256 encryption, which means all user data written to media is encrypted and can only be decrypted with a per-volume key.

  • For NetApp Volumes-SW, Google-generated keys are used.

  • For NetApp Volumes-Performance, the per-volume keys are stored in a key manager built into the Google Cloud NetApp Volumes.

Starting in November 2021, preview customer-managed encryption keys (CMEK) functionality was made available. This enables you to encrypt the per-volume keys with a per-project, per-region master key that is hosted in Google Key Management Service (KMS). KMS enables you to attach external key managers.

For information about configuring KMS for NetApp Volumes-Performance, see Setting up customer-managed encryption keys.