Skip to main content

Auto Scale Encryption

Auto Scale encryption protects the data on a scale group's nodes at rest by encrypting their storage. Because group nodes are launched and terminated dynamically, encryption is applied automatically to every node the Scaler creates — so workloads that scale in response to demand stay protected even during rapid, unattended scaling events.

This page explains how encryption works and how to create an encrypted scale group. Encryption must be enabled during creation — it cannot be added to an existing scale group.

How Auto Scale Encryption Works

  • Enable at creation. In the Security section of the create flow, select Enable Encryption. You can optionally provide a passphrase for an added layer of protection.
  • LUKS full-disk encryption. E2E uses LUKS (Linux Unified Key Setup) to encrypt group nodes at the block level. The default cipher is aes-xts-plain64 with a 512-bit key, in line with industry best practice. Every node the Scaler launches for the group is encrypted the same way.
  • Automatic across the pool. Encryption is applied to each new node without manual intervention, so a scale group that grows from 2 to 20 nodes encrypts all 20 consistently.
  • Managed from MyAccount. The combination of LUKS encryption and management through the MyAccount portal lets you meet data-confidentiality and compliance requirements while scaling dynamically.
warning

Encryption can only be enabled at creation time. It cannot be enabled or disabled after the scale group is created. If you need an encrypted scale group, create a new one with encryption enabled. The encryption flag is shown only for groups that were created with encryption enabled.

Passphrase Rules

If you set an encryption passphrase, it must be 8 to 12 characters and include at least one lowercase letter, one uppercase letter, and one special character (!@#$%^&*). Store the passphrase securely — it cannot be recovered.

Create an Encrypted Scale Group

The flow is identical to a standard scale group, with the Enable Encryption step before launch.

  1. Log in to the MyAccount portal.
  2. Go to Compute > Auto Scaling and start the create flow.
  3. Select a saved image in the Ready state.
  4. Select a plan.
  5. Configure scale group settings — name, minimum/maximum nodes, policy, and network.
  6. Enable encryption. In the Security section, select the Enable Encryption checkbox and optionally enter a passphrase.
  7. Select Create Scale.

For the full create flow and every field, see Create a Scale Group.

ResourceUse it for
Create a Scale GroupFull create flow with the encryption step.
Auto Scaling ConceptsSaved images, plans, and policies.
Node EncryptionEncryption-at-rest behavior for compute nodes.
Node ImagesCapture a saved image for the group.
Last updated on June 9, 2026.