Storage - Encryption at rest
All block storage devices created by the CSI driver can be optionally encrypted at rest.
Encryption support was added to the CSI driver in version v1.1.0.
Encryption at rest can be enabled by defining the encryption parameter in the storage class:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: upcloud-encrypted-block-storage
  namespace: kube-system
parameters:
  tier: maxiops
  encryption: data-at-rest
provisioner: storage.csi.upcloud.com

Once defined, use the newly created storage class for the storage that you want to encrypt:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: csi-pvc-encrypted
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: upcloud-encrypted-block-storage
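
Because encryption is optional and set per storage class, a claim that names another class, or names none and falls back to the cluster default, gets an unencrypted volume. The following audit is an added example, not part of the CSI driver or its documentation: it reports such claims from the JSON that `kubectl get storageclass -o json` and `kubectl get pvc -A -o json` return. The function names, the `plain-maxiops` class and the sample objects are constructed for illustration.

```python
import json

UPCLOUD_PROVISIONER = "storage.csi.upcloud.com"
DEFAULT_ANNOTATION = "storageclass.kubernetes.io/is-default-class"

def encrypted_classes(sc_list):
    """Names of UpCloud CSI storage classes that set encryption: data-at-rest."""
    return {sc["metadata"]["name"] for sc in sc_list["items"]
            if sc.get("provisioner") == UPCLOUD_PROVISIONER
            and (sc.get("parameters") or {}).get("encryption") == "data-at-rest"}

def default_class(sc_list):
    """Name of the class a PVC without storageClassName falls back to, or None."""
    for sc in sc_list["items"]:
        if (sc["metadata"].get("annotations") or {}).get(DEFAULT_ANNOTATION) == "true":
            return sc["metadata"]["name"]
    return None

def unencrypted_claims(sc_list, pvc_list):
    """Return (namespace, name, class) for every PVC not backed by an encrypted class."""
    ok, fallback = encrypted_classes(sc_list), default_class(sc_list)
    findings = []
    for pvc in pvc_list["items"]:
        # An absent storageClassName resolves to the default class; "" stays "" and is flagged.
        cls = pvc["spec"].get("storageClassName", fallback)
        if cls not in ok:
            meta = pvc["metadata"]
            findings.append((meta.get("namespace", "default"), meta["name"], cls))
    return findings

# Constructed sample input in the shape of `kubectl get ... -o json` list output.
SAMPLE_SC = json.loads("""{"items": [
  {"metadata": {"name": "upcloud-encrypted-block-storage"},
   "provisioner": "storage.csi.upcloud.com",
   "parameters": {"tier": "maxiops", "encryption": "data-at-rest"}},
  {"metadata": {"name": "plain-maxiops",
                "annotations": {"storageclass.kubernetes.io/is-default-class": "true"}},
   "provisioner": "storage.csi.upcloud.com",
   "parameters": {"tier": "maxiops"}}]}""")
SAMPLE_PVC = json.loads("""{"items": [
  {"metadata": {"name": "csi-pvc-encrypted", "namespace": "default"},
   "spec": {"storageClassName": "upcloud-encrypted-block-storage"}},
  {"metadata": {"name": "db-data", "namespace": "prod"},
   "spec": {"storageClassName": "plain-maxiops"}},
  {"metadata": {"name": "cache", "namespace": "default"}, "spec": {}}]}""")

if __name__ == "__main__":
    for ns, name, cls in unencrypted_claims(SAMPLE_SC, SAMPLE_PVC):
        print(f"{ns}/{name}: storage class {cls!r} does not set encryption: data-at-rest")
```

Claims on storage classes from other provisioners are also reported, since the check only recognises the UpCloud `encryption: data-at-rest` parameter.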