Lakebase Customer-Managed Keys enables enterprises to control encryption of their Postgres data using their own KMS providers.
- Supports AWS KMS, Azure Key Vault, and Google Cloud KMS for managing the root encryption key (CMK)
- Uses hierarchical Envelope Encryption with three layers: CMK (root key), KEK (transient key), and DEK (data encryption keys)
- Protects both persistent storage layers and ephemeral compute data with per-boot unique keys
- Enables seamless key rotation and revocation without downtime or data re-encryption
- Integrates with Account-to-Workspace delegation model and provides cryptographic audit logging
This summary was automatically generated by AI based on the original article and may not be fully accurate.
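
The three-layer hierarchy and the "rotation without data re-encryption" property listed above, as an added example that is not Lakebase or Databricks code. The wrapping order (CMK wraps KEK, KEK wraps DEK), the store layout and all function names are assumptions; an HMAC-SHA256 encrypt-then-MAC construction stands in for the KMS wrap call and for AES-GCM so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os

def _subkey(key, label):
    # Separate encryption and MAC subkeys derived from one wrapping key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES, not for production use.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered blob")
    ks = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def build_store(cmk, record):
    # Hypothetical layout: only wrapped keys and ciphertext are persisted.
    kek, dek = os.urandom(32), os.urandom(32)
    return {"wrapped_kek": seal(cmk, kek),   # in a real deployment: a KMS wrap call
            "wrapped_dek": seal(kek, dek),
            "data": seal(dek, record)}

def read_record(cmk, store):
    kek = unseal(cmk, store["wrapped_kek"])  # fails once the CMK is revoked or replaced
    dek = unseal(kek, store["wrapped_dek"])
    return unseal(dek, store["data"])

def rotate_cmk(old_cmk, new_cmk, store):
    # Only the small KEK blob is rewrapped; the DEK blob and the data are untouched.
    kek = unseal(old_cmk, store["wrapped_kek"])
    return {**store, "wrapped_kek": seal(new_cmk, kek)}
```

After `rotate_cmk`, the `data` and `wrapped_dek` entries are byte-identical to the originals, and a read with the old CMK raises `ValueError`, which is the behaviour revocation relies on.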