This page details the data security properties of D1, including:
- Encryption-at-rest (EAR).
- Encryption-in-transit (EIT).
- Cloudflare’s compliance certifications.
Encryption at Rest
All objects stored in D1, including metadata, live databases, and inactive databases are encrypted at rest. Encryption and decryption are automatic, do not require user configuration to enable, and do not impact the effective performance of D1.
Encryption keys are managed by Cloudflare and securely stored in the same key management systems we use for managing encrypted data across Cloudflare internally.