This page details the data security properties of KV, including:
- Encryption-at-rest (EAR).
- Encryption-in-transit (EIT).
- Cloudflare’s compliance certifications.
Encryption at Rest
All values stored in KV are encrypted at rest. Encryption and decryption are automatic, do not require user configuration to enable, and do not impact the effective performance of KV.
Values are only decrypted by the process executing your Worker code or responding to your API requests.
Encryption keys are managed by Cloudflare and securely stored in the same key management systems we use for managing encrypted data across Cloudflare internally.