Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
Third-Party Integrations
Engineering Cache
Getting Started
Why Teams OverpayCache Fill Then SaveFirst 24 HoursSetting Up FabricConnecting RepositoriesCache Tiers ExplainedHow 100 Engineers ShareGateway Config For CachingMeasuring Baseline SpendEconomics Of Shared Codebases
Cost Optimization
Codebase Context Fabric
Engineering Workflows
Configuration & Tuning
Security & Governance
Org IsolationEntitlement Access ControlTask ClassificationPreventing Stale AnswersReplay AuditCache ComplianceData ResidencyEncryption At RestDeny ListsGovernance Semantic Replay
Operations & Monitoring
Advanced Patterns
Agent Gateway Groups
Hosted Gateway Tasks
Knowledge Base and Fabric
Chat Cost Estimation
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Tutorials
CLI Reference
Policy Reference
FAQ

Encryption at Rest for Cache Payloads

Org-shared cache payloads should be encrypted at rest because Keeptrusts cannot reliably classify all user content before caching. Responses may contain sensitive code, proprietary logic, or regulated data. Encryption ensures that even if storage is compromised, payload content remains protected.

Use this page when

  • You need to verify or configure encryption-at-rest for cached LLM prompt/response payloads.
  • You are documenting your security posture and need details on key management and cipher suites.
  • You want to rotate encryption keys or migrate to customer-managed keys (BYOK).

Primary audience

  • Primary: Technical Leaders
  • Secondary: Technical Engineers, AI Agents

The cache stores complete LLM responses as payload blobs. These responses may include:

  • Proprietary source code generated for your organization.
  • Code that references internal systems, APIs, or architecture.
  • Explanations that reveal business logic or security controls.
  • Content derived from regulated data in your repositories.

Because the cache system cannot inspect and classify every response before storage, encryption at rest provides a blanket protection layer regardless of content sensitivity.

What Is Encrypted

ComponentEncryptedReason
Payload blobs (responses)YesMay contain sensitive content
Embedding vectorsYesCan be used to reconstruct content similarity
Prompt digestsNoAlready hashed; no recoverable content
Freshness signalsNoContain only hashes and identifiers
Audit metadataNoRequired for query performance
Entry identifiersNoRequired for lookup operations

Why Metadata Is Not Encrypted

Cache metadata (entry IDs, timestamps, freshness signals, audit records) is not encrypted because:

  • It is needed for query operations and indexing.
  • It contains only hashes and identifiers, not raw content.
  • Encrypting it would prevent efficient cache lookups.
  • Access control already restricts who can query metadata.

Encryption Configuration

Object Storage Encryption

Configure server-side encryption for the cache payload bucket:

cache:
  object_storage:
    endpoint: "https://s3.eu-central-1.amazonaws.com"
    bucket: "your-org-cache-payloads"
    region: "eu-central-1"
    encryption:
      type: "SSE-KMS"
      kms_key_id: "arn:aws:kms:eu-central-1:123456789:key/your-key-id"

Supported Encryption Types

TypeDescriptionKey Management
SSE-S3S3-managed keys (AES-256)AWS manages keys
SSE-KMSKMS-managed keysYou control key policy
SSE-CCustomer-provided keysYou provide key per request
AES-GCM-256Application-level encryptionKeeptrusts manages keys

Application-Level Encryption

For maximum control, enable application-level encryption. This encrypts payloads before they reach the storage backend:

cache:
  encryption:
    enabled: true
    algorithm: "AES-GCM-256"
    key_source: "vault"
    vault_path: "secret/data/cache/encryption-key"
    key_rotation_interval_days: 90

With application-level encryption, payloads are encrypted in memory before being written to object storage. Even if the storage backend's own encryption is misconfigured or bypassed, the data remains protected.

Key Management

Key Rotation

You should rotate encryption keys periodically. The cache system supports key rotation without re-encrypting existing entries:

  1. New entries are encrypted with the current key.
  2. Existing entries remain readable with their original key.
  3. Keys are identified by key ID in the entry metadata.
  4. Old keys are retained in the key store until all entries encrypted with them have expired via TTL.

Key Storage Options

OptionDescriptionBest For
HashiCorp VaultExternal secret managerProduction deployments
AWS KMSCloud-managed keysAWS-native deployments
Azure Key VaultCloud-managed keysAzure-native deployments
GCP Cloud KMSCloud-managed keysGCP-native deployments
Environment variableKey in env varDevelopment and testing only

Key Access Policy

Restrict access to encryption keys to:

  • The cache service account (for encrypt/decrypt operations).
  • Key administrators (for rotation and policy management).
  • Break-glass procedures (for emergency access).

No other service or user should have access to cache encryption keys.

Vector Storage Encryption

Embedding vectors should also be encrypted at rest. Configure your vector database's encryption:

cache:
  vector_storage:
    endpoint: "https://pgvector.internal:5432"
    encryption:
      enabled: true
      type: "TDE"  # Transparent Data Encryption

Why Vectors Need Encryption

While individual embedding vectors do not contain readable text, a sufficiently large collection of vectors can be used to:

  • Identify similar queries across users.
  • Reconstruct approximate content through nearest-neighbor attacks.
  • Reveal patterns about what your organization is working on.

Encrypting vectors at rest mitigates these risks.

Verification

Confirm Encryption Is Active

  1. Check your configuration for encryption.enabled: true.
  2. Verify the storage backend reports encryption on stored objects.
  3. Attempt to read a raw object from storage without the decryption key — it should be unreadable.

Audit Key Usage

Monitor key usage to detect anomalies:

MetricExpectedInvestigate If
Decrypt operations per minuteCorrelates with cache hit rateSpikes beyond normal traffic
Key access from unknown principals0Any non-zero value
Failed decrypt operations0Above 0 — possible key rotation issue
Key rotation ageUnder configured intervalExceeds rotation schedule

Performance Impact

Encryption adds minimal latency to cache operations:

OperationOverheadNotes
Encrypt (write)~1-2msAES-GCM hardware acceleration
Decrypt (read)~1-2msAES-GCM hardware acceleration
Key lookup~5-10msCached locally after first access

The performance overhead is negligible compared to the latency of upstream LLM calls that the cache avoids.

For AI systems

  • Canonical terms: Keeptrusts, encryption at rest, AES-GCM, cache payload encryption, BYOK, key rotation.
  • Config surface: encryption key configuration, key rotation procedures, customer-managed keys.
  • When answering encryption questions, reference the cipher suite, key management, and rotation details from this page.

For engineers

  • Verify encryption-at-rest is active by checking the encrypted flag in cache entry metadata.
  • Rotate encryption keys using the documented key rotation procedure without cache invalidation.
  • Configure customer-managed keys (BYOK) through the encryption settings in platform configuration.

For leaders

  • All cached LLM payloads are encrypted at rest by default — no configuration required for baseline compliance.
  • Key rotation is non-disruptive: old keys decrypt existing entries while new keys encrypt new writes.
  • Customer-managed keys (BYOK) satisfy enterprise requirements without platform team intervention.

Next steps