Encryption at Rest in Data Hub Service
Data Hub Service (DHS) data and configuration files are encrypted at rest. By default, encryption at rest is automatically enabled for Low Priority and Standard services.
MarkLogic uses AWS Key Management Service (KMS) to generate two different keys for encrypting data and configuration files. The keys are stored in the AWS KMS of the AWS account dedicated to creating and maintaing your services. Keys are symmetric customer master keys (CMKs) managed by MarkLogic and not accessible to customers. Automatic key rotation is enabled for both keys.
The key used to encrypt data files is also used to encrypt backups of data files. To learn more about backups, see Database Backup Policy.
To learn more about encryption, see Understanding Encryption at Rest.