Encrypt your deployment data
Elastic Cloud Hosted Serverless
Elastic Cloud Hosted deployments and Elastic Cloud Serverless projects are already encrypted at rest by default. This includes their data, objects, and settings.
For Elastic Cloud Serverless projects, security is fully-managed by Elastic.
For Elastic Cloud Hosted deployments, instead of the default, Elastic-managed encryption, you can choose to use a customer-managed encryption key to encrypt your Elastic Cloud Hosted deployments.
There is no encryption at rest out of the box for deployments orchestrated using Elastic Cloud Enterprise and Elastic Cloud on Kubernetes, or for self-managed clusters. You must instead configure disk-level encryption on your hosts.
Configuring dm-crypt or similar technologies is outside the scope of the Elastic documentation, and issues related to disk encryption are outside the scope of support.
As an alternative to or in addition to encryption at rest, you can also use the following features to encrypt sensitive data and objects:
- Store sensitive settings using the Elasticsearch or Kibana keystores.
- Enable encryption for Kibana saved objects.