Introducing Customer-Managed Encryption Keys (CMEK) on Zilliz Cloud

In enterprise AI, encryption is table stakes. Every serious cloud provider encrypts data at rest. The question that actually separates a compliant deployment from a truly secure one is more pointed: who holds the encryption keys?
For security architects in regulated industries, the answer to that question determines whether a vendor earns a spot in their stack — or gets blocked by procurement. Today, we're giving you a definitive answer on Zilliz Cloud.
We're announcing the general availability of Customer-Managed Encryption Keys (CMEK) on Zilliz Cloud.
With CMEK, you bring your own keys from your own cloud provider’s Key Management Service (KMS). You manage the full lifecycle. And if you ever need to revoke access — for any reason, at any moment — you can cut off an entire cluster with a single action. Cryptographically. Instantly. Without touching us.
The Problem With "We Encrypt Your Data"
Most managed services encrypt your data — and then manage the encryption keys on your behalf. That's a meaningful baseline. But it creates a dependency that compliance teams, security architects, and regulated-industry CISOs have learned to interrogate carefully.
With platform-managed encryption, the provider holds the master key. Your data is encrypted, but you cannot independently verify access patterns, cannot satisfy requirements for segregation of duties between the data processor and the key holder, and cannot instantly revoke access without going through the vendor.
For organizations in healthcare, financial services, government, and legal tech, this isn't a philosophical concern. It's a gating requirement. Many compliance frameworks — GDPR, HIPAA, PCI-DSS, SOC 2 — are increasingly explicit: the entity that stores and processes data should be separate from the entity that controls the encryption keys.
Vector databases make these stakes even higher.
Why Vector Data Demands Stricter Key Control
Vector databases sit at a uniquely sensitive position in the AI stack. The embeddings stored in a vector database are derived from your most sensitive assets — customer records, proprietary documents, medical images, financial transactions, internal codebases. These aren't inert copies. In some cases, embeddings can be reversed or used to reconstruct the original content.
That makes vector data a high-value target — and it means the key control question shifts from "best practice" to "prerequisite" for any serious AI deployment.
Introducing CMEK on Zilliz Cloud
Zilliz Cloud already encrypts all data at rest using AES-256 by default. CMEK adds a critical additional layer for customers with the highest security requirements: instead of Zilliz holding the master key, you do — inside your own cloud provider's KMS.
CMEK transfers key ownership entirely to you. Here's the architecture:
You generate and store the Customer Master Key (CMK) in your KMS. It never leaves your KMS boundary. Zilliz Cloud never possesses the master key — it is granted only temporary, scoped access to use it when needed.
The CMK encrypts an intermediate Encryption Zone Key (EZK) that is unique per database. When Zilliz Cloud needs to process data, it requests that your KMS decrypt the EZK. The decrypted EZK lives only in memory, only for the duration required. This design eliminates per-operation KMS calls without weakening the security boundary.
EZKs encrypt per-file Data Encryption Keys (DEKs), which protect the actual vector blocks, indexes, and logs. This three-tier architecture limits the blast radius: if a single DEK were ever exposed, the damage would be contained to a single file.
The result is a zero-trust encryption model — your master key is the root of trust for everything — without the millisecond penalty of calling your KMS on every vector search.
What Gets Encrypted
Security gaps live in the layers you forget to protect. CMEK on Zilliz Cloud covers the full data lifecycle, not just the storage layer:
- Object storage — binlogs, index files, and snapshots in S3
- Local SSD caches — data cached on compute nodes for low-latency search
- Message queues — insert and delete operations in transit between internal components
Whether your data is at rest in long-term storage, cached for performance, or flowing through internal processing pipelines, it stays encrypted under your key, using AES-256.
Three Outcomes Security Teams Care About Most
1. Segregation of Duties — Clean and Auditable
Zilliz Cloud processes and stores your data. You hold the keys in your own KMS. These are distinct entities with distinct roles. Your compliance team can clearly define this boundary in every audit, satisfying the segregation requirements built into GDPR, HIPAA, PCI-DSS, and SOC 2.
2. Instant Revocability — The Real Kill Switch
If you detect a breach, need to offboard a vendor relationship, or must respond to a legal hold, disable your CMK directly in KMS. The effect is immediate. All data in the affected Zilliz cluster becomes cryptographically inaccessible — not deleted, not moved, not dependent on any action from us. Without the master key, your vector data is indistinguishable from random noise.
This is the strongest form of data sovereignty available in any managed service.
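The three-tier hierarchy from the architecture section (CMK wraps EZK, EZK wraps per-file DEKs) and the revocation just described, as an added Go example that is not Zilliz's code: the KMS type and its Disable method are a stand-in for a real KMS, and AES-256-GCM is assumed as the wrapping mode, which the post does not specify.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
// gcm builds AES-256-GCM from a 32-byte key (neither call can fail for that size).
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
// wrap/unwrap: a fresh 12-byte nonce is prefixed to the output; unwrap fails on a wrong key or altered bytes.
func wrap(key, data []byte) []byte { n := randBytes(12); return gcm(key).Seal(n, n, data, nil) }
func unwrap(key, s []byte) ([]byte, error) { return gcm(key).Open(nil, s[:12], s[12:], nil) }

// KMS stands in for the customer's KMS (an assumption of this example). The CMK never leaves it;
// GenerateDataKey and Decrypt are the only calls the cluster makes, and Disable models disabling the CMK.
type KMS struct{ cmk []byte }
func NewKMS() *KMS { return &KMS{cmk: randBytes(32)} }
func (k *KMS) Disable() { k.cmk = nil }
// GenerateDataKey mints the EZK and returns it only in wrapped form for the cluster to persist.
func (k *KMS) GenerateDataKey() []byte { return wrap(k.cmk, randBytes(32)) }

func (k *KMS) Decrypt(wrapped []byte) ([]byte, error) {
	if k.cmk == nil {
		return nil, errors.New("kms: customer master key is disabled")
	}
	return unwrap(k.cmk, wrapped)
}

// File is what the cluster persists: a per-file DEK wrapped by the EZK, then the body
// encrypted under that DEK. Neither key is ever written out in plaintext.
type File struct{ WrappedDEK, Body []byte }
// NewFile takes the EZK that KMS just unwrapped (held in memory only) and mints a DEK locally.
func NewFile(ezk, plaintext []byte) File { dek := randBytes(32); return File{wrap(ezk, dek), wrap(dek, plaintext)} }

// Read fails closed the moment KMS refuses to unwrap the EZK: no EZK, no DEK, no data.
func Read(kms *KMS, wrappedEZK []byte, f File) ([]byte, error) {
	ezk, err := kms.Decrypt(wrappedEZK)
	if err != nil {
		return nil, err
	}
	dek, err := unwrap(ezk, f.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return unwrap(dek, f.Body)
}
```

Disabling the key changes nothing on disk: the stored bytes stay exactly as they were, and Read simply stops succeeding.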
3. Unified Audit Trail — Inside Your Existing Infrastructure
Every key access request from Zilliz Cloud is logged in AWS CloudTrail. You get full visibility into when, how often, and from which services your keys are accessed — all within the same security monitoring infrastructure you already use for the rest of your AWS environment.
No separate vendor dashboard. No proprietary log format. Your Zilliz encryption keys live alongside your other AWS KMS keys, governed by the same policies, monitored by the same teams.
Getting Started with CMEK
We've worked to make CMEK adoption as frictionless as possible:
- Step 1 — Generate the IAM policy. In the Zilliz Console, we auto-generate the exact IAM policy snippet your AWS account needs, pre-configured with the correct principal IDs for your cluster. No manual JSON editing required.
- Step 2 — Create the key and authorize access. Create a key in your AWS KMS, apply the policy, and grant Zilliz strictly scoped permissions — Decrypt and GenerateDataKey only. Nothing broader than what's needed.
- Step 3 — Enable CMEK on your cluster. Paste the Key ARN into the Zilliz Console and toggle Customer-Managed Key to ON when creating a new Dedicated cluster.
The entire setup takes minutes, not days. Key rotation is supported with zero downtime — AWS KMS handles the rotation, and Zilliz Cloud seamlessly follows the Key ARN.
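Step 2's scoped grant, as a constructed KMS key-policy example (not the snippet the Zilliz Console generates; the Zilliz principal and your account ID are placeholders to take from the Console and your own account):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "KeyAdministrationStaysWithYourAccount",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::<YOUR_ACCOUNT_ID>:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "ZillizCloudMayOnlyUseTheKey",
      "Effect": "Allow",
      "Principal": { "AWS": "<ZILLIZ_PRINCIPAL_FROM_CONSOLE>" },
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "*"
    }
  ]
}
```

The first statement keeps administration of the key (including disabling it, the kill switch above) in your account; if the second statement granted `"kms:*"` instead of the two listed actions, the vendor principal could change the policy or disable the key itself, which is exactly the segregation of duties CMEK is meant to establish.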
Availability
CMEK is available today for Dedicated clusters in the business-critical plan on AWS. A few things to know before getting started:
- Encryption keys are managed at the project level
- Up to 20 unique keys per project (adding duplicate keys will cause failures)
- Once a cluster is encrypted, migrating collections across databases is not supported
- The cloud provider and region of your KMS key must match those of your Zilliz Cloud cluster
- To enable CMEK on existing clusters running Milvus v2.5.x, back up your data and restore it to a new cluster on Milvus v2.6.x; upgrading an existing cluster does not retroactively encrypt prior data
- For regions outside of AWS, contact us to discuss availability.
Questions about CMEK or enterprise security on Zilliz Cloud? Check out this CMEK document or reach out to our solutions team for more information.