How does encryption work on Weaviate?

Over here, encryption is mentioned but no information is presented on how it works.

Is this encrypted as in no one outside of our company can access the data but for all our tenants, we can access their data though right?

And if we want to create encrypted data for our tenants, how would we go about this?

I’m thinking something like the data comes in from the user → we temporarily decrypt it → embed it → store the vector + encrypted data

Hi @Tejas_Sharma,

Thank you for your question.

have a support ticket open with you in our ticketing system, and I’m currently working to address your inquiries there.

Wishing you a lovely day!

Hello, I have the same confusion here. Interestingly, I can see that end-to-end encryption is provided on the site Security | Weaviate, and the page Weaviate Encryption At Rest | Restackio gives detailed information about Weaviate’s data encryption capabilities. However, I can’t find any related information in Weaviate’s official documentation.

hi @xushuang_hu

I believe there may be a confusion here.

While the first link mentions all the security features for our hosted customers, the second is a doc on how to install Weaviate using our helm chart on a self hosted maneer.

When deploying Weaviate yourself, you can enable a range of security layers, such as encryption at rest or SSL for exposing Weaviate, etc. But is “outside” of Weaviate, and will depend on other componentes.

Let me know if this helps.

Thanks!

@DudaNogueira
Thank you for your reply. Am I correct in understanding that if I self-host Weaviate, I can enable features like encryption at rest or KMS integration as mentioned in the second link (Weaviate Encryption At Rest | Restackio)?

However, if I’m using Weaviate Cloud, the Cloud version does not support similar integration features?

Also, I feel the distinction between Weaviate Cloud and a self-hosted Weaviate deployment is not very clear in the documentation.

Hi!

Our hosted cloud has all the mentioned implementations, along with backups, easy upgrade, support, SLAs, etc. All that is already set up for you as part of our services.

The same binary we release in our public repo is the binary we use in our cloud.

So if you self host Weaviate you may or may not want to expose it to the public.

For example. Some users has Weaviate only reachable to their backends on their own servers.

And just like any other self hosted software, you can host it in different ways.

Let me know if this helps.

Thanks!

@DudaNogueira
Thank you for your response, much appreciated.

1 Like

Could you kindly guide me to the documentation or environment variable that enables the use of the encryption at rest feature in Weaviate?

hi @Tibin_Lukose !! Welcome to our community :hugs:

The encryption at rest should be handled by the deployment, such as docker or kubernetes.

So there isn’t a variable you can set.

Let me know if this helps!

THanks!