1 of 3

Encryption

Encryption support in DuploCloud

Encryption falls into two categories:

At Rest
In Transit

At Rest Encryption

At Rest encryption support in DuploCloud

DuploCloud generates a cloud provider-specific encryption key for each tenant. While creating resources it encrypts them either with a generic cloud provider key or the user can choose a separate key per Tenant.

Users can also create their unique encryption keys and add them using the Administrator -> Plan -> KMS menu and these can be used to encrypt resources At Rest.

In Transit encryption

In Transit encryption support in DuploCloud

Except in AWS, users generate SSL certificates out-of-band either from the cloud provider ACM or issue and upload them to the cloud provider ACM. A reference to these certificates can be added using the Administrator -> Plan -> Certificates menu. During the creation of cloud resources like load balancers, Ingress, Cloudfront, and API gateway, one of these certificates can be selected and the platform applies them to the resources.

In AWS, DuploCloud automatically generates a wildcard certificate in ACM for each DNS domain that the platform manages and adds it to the DuploCloud Plan. Users can add more certificates at any time.

In Transit encryption

In Transit encryption support in DuploCloud

In AWS, DuploCloud automatically generates a wildcard certificate in ACM for each DNS domain that the platform manages and adds it to the DuploCloud Plan. Users can add more certificates at any time.

At Rest Encryption

At Rest encryption support in DuploCloud

Users can also create their unique encryption keys and add them using the Administrator -> Plan -> KMS menu and these can be used to encrypt resources At Rest.