Encryption
How ColdPlane encrypts your data at rest and in transit.
All data managed by ColdPlane is encrypted both at rest and in transit.
Encryption at Rest
Backup data is encrypted at rest using AES-256 with envelope encryption. Each backup gets a unique Data Encryption Key (DEK) wrapped by an AWS-managed key.
Encryption in Transit
All data transfers between your database and ColdPlane use TLS 1.2 or later.
API requests to api.coldplane.com require HTTPS.
Customer-Managed Keys
Each user's DEKs are wrapped using an AWS-managed key with encryption context tied to the user and backup IDs, ensuring cryptographic isolation between tenants.
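The per-backup DEK wrapping and encryption-context binding described above, modeled locally as an added example (not ColdPlane's code and not the AWS KMS API). AES-256-GCM stands in for the AWS-managed key and the encryption context is passed as additional authenticated data; the names NewKEK, encContext, NewWrappedDEK and UnwrapDEK, the context encoding and the all-zero demo key are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewKEK builds AES-256-GCM over a 32-byte key; a local stand-in for the wrapping key.
func NewKEK(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encContext is a constructed, unambiguous encoding of the user and backup IDs.
func encContext(userID, backupID string) []byte {
	return []byte(fmt.Sprintf("user_id=%q,backup_id=%q", userID, backupID))
}

// NewWrappedDEK returns a fresh 256-bit DEK and its wrapped form (nonce||ciphertext||tag).
func NewWrappedDEK(kek cipher.AEAD, userID, backupID string) (dek, wrapped []byte, err error) {
	buf := make([]byte, 32+kek.NonceSize())
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	dek, nonce := buf[:32], buf[32:]
	// The context is authenticated as AAD; it is not stored inside the wrapped blob.
	return dek, kek.Seal(nonce, nonce, dek, encContext(userID, backupID)), nil
}

// UnwrapDEK recovers the DEK only when the caller presents the same context.
func UnwrapDEK(kek cipher.AEAD, wrapped []byte, userID, backupID string) ([]byte, error) {
	n := kek.NonceSize()
	if len(wrapped) < n {
		return nil, fmt.Errorf("wrapped DEK too short")
	}
	return kek.Open(nil, wrapped[:n], wrapped[n:], encContext(userID, backupID))
}

func main() {
	kek, _ := NewKEK(make([]byte, 32)) // constructed all-zero demo key, never use in production
	_, wrapped, _ := NewWrappedDEK(kek, "user-a", "backup-1")
	_, err := UnwrapDEK(kek, wrapped, "user-b", "backup-1")
	fmt.Println("unwrap under another tenant's context:", err)
}
```

Because the context is part of the authenticated data, a wrapped DEK copied into another tenant's or another backup's record fails to unwrap even though the wrapping key is the same.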