# Encryption

## **Data-in-Transit Encryption**

MariaDB Cloud features data-in-transit encryption by default.

### Client-to-Server

By default, MariaDB Cloud services feature data-in-transit encryption for client connections: TLS 1.2 and TLS 1.3 are supported. SSL/TLS certificates and encryption settings are not customer-configurable.

For information on how to connect with TLS, see ["Connect and Query"](https://github.com/mariadb-corporation/mariadb-docs/blob/main/Connecting%20to%20Sky%20DBs/README.md).

The "Disable SSL/TLS" option may be appropriate for some customers when also using AWS PrivateLink or GCP VPC Peering.

### Server-to-Server

MariaDB Cloud services perform server-to-server communication between MariaDB MaxScale, MariaDB Server, and MariaDB Cloud infrastructure.

By default, these server-to-server communications are protected with data-in-transit encryption:

For MariaDB Cloud Services on AWS, see "[Encryption in transit (AWS)](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data-protection.html#encryption-transit)". MariaDB Cloud uses configurations that feature automatic in-transit encryption.

For MariaDB Cloud Services on GCP, see "[Encryption in transit (GCP)](https://cloud.google.com/docs/security/encryption-in-transit#encryption_in_transit_by_default)". MariaDB Cloud uses encryption by default.

For MariaDB Cloud Services on Azure, see "[Encryption in transit (Azure)](https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview#encryption-of-data-in-transit)". MariaDB Cloud uses encryption by default.

## **Data-at-Rest Encryption**

MariaDB Cloud features transparent data-at-rest encryption.

MariaDB Cloud Services on AWS use [Amazon EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html).

MariaDB Cloud Services on GCP benefit from [encryption by default](https://cloud.google.com/security/encryption-at-rest/default-encryption).

MariaDB Cloud Services on Azure use [Azure Disk Encryption](https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview).

