---
title: Load Balancer Encryption
description: Encrypt an E2E Load Balancer's data at rest with LUKS full-disk encryption, enabled at creation time, and create an encrypted load balancer.
---

# Load Balancer Encryption

Load Balancer encryption protects the data the load balancer handles **at rest** by encrypting its storage volumes. This safeguards sensitive information such as SSL/TLS certificates and configuration data, even if the underlying hardware is compromised. The encryption is transparent to traffic and has minimal performance impact.

This page explains how encryption works and how to create an encrypted load balancer. Encryption must be enabled **during creation** — it cannot be added to an existing load balancer.

---

## How Load Balancer Encryption Works

- **Enable at creation.** When you create a load balancer, select the **Enable Encryption** checkbox. You can optionally provide a passphrase to further protect the encrypted load balancer.
- **LUKS full-disk encryption.** E2E uses LUKS (Linux Unified Key Setup) to encrypt the load balancer at the block level. The default cipher is `aes-xts-plain64` with a 512-bit key. Both the system and configuration volumes are encrypted, protecting critical components such as SSL/TLS certificates and load-balancing policies.
- **Encrypted LVM volumes.** The Logical Volume Management (LVM) volumes backing the load balancer are encrypted in the backend as part of a comprehensive disk-protection strategy. This is transparent to you — there is no manual intervention and no visible footprint in the interface while traffic-related data and configuration stay protected.
- **Managed from MyAccount.** The combination of LUKS encryption and management through the MyAccount portal lets you meet data-confidentiality and compliance requirements while running load-balanced services securely.

:::warning
Encryption can only be enabled at creation time. It cannot be enabled or disabled after the load balancer is created.
If you need an encrypted load balancer, create a new one with encryption enabled.
:::

---

## Passphrase Rules

If you set an encryption passphrase, it must be **8 to 12 characters** and include at least one lowercase letter, one uppercase letter, and one special character. Store the passphrase securely.

---

## Create an Encrypted Load Balancer

The flow is the same as a standard load balancer, with the **Enable Encryption** step before launch.

1. **Log in** to the [MyAccount portal](https://myaccount.e2enetworks.com/).
2. Go to **Compute > Load Balancer** and select **Create New Load Balancer**.
3. **Select a plan** and continue.
4. **Choose the type** — Application Load Balancer (ALB) or Network Load Balancer (NLB).
5. **Enter the details** — name, scheme, and (for an ALB) the front-end protocol — then continue.
6. **Add backend servers.** Select **Add Server** and enter the server name, IP, and port.
7. **Configure the backend group** — backend name, routing policy, backend type, backends, and (for an ALB) WebSocket timeout — then continue.
8. **Configure peak performance features** — select or create a VPC and reserved IP, choose IPv6 and BitNinja if needed, and set the connection, client, server, and HTTP keep-alive timeouts.
9. **Enable encryption.** Select the **Enable Encryption** checkbox (and optionally enter a passphrase). Encryption can only be enabled here, during creation.
10. **Launch** the load balancer.

For the full create flow and every field, see [Create an Application Load Balancer](/docs/myaccount/load-balancer/getting-started/create-application-load-balancer) or [Create a Network Load Balancer](/docs/myaccount/load-balancer/getting-started/create-network-load-balancer).

:::tip
Encryption protects data at rest. To secure traffic in transit between clients and the load balancer, also configure HTTPS — see [SSL Certificates](/docs/myaccount/load-balancer/features/ssl-certificates).
:::

---

## Related Resources

| Resource | Use it for |
| --- | --- |
| [Create an Application Load Balancer](/docs/myaccount/load-balancer/getting-started/create-application-load-balancer) | Full ALB create flow with the encryption step. |
| [Create a Network Load Balancer](/docs/myaccount/load-balancer/getting-started/create-network-load-balancer) | Full NLB create flow with the encryption step. |
| [SSL Certificates](/docs/myaccount/load-balancer/features/ssl-certificates) | Encrypt traffic in transit with HTTPS. |
| [Node Encryption](/docs/myaccount/node/features/encryption) | Encryption-at-rest behavior for compute nodes. |
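The rules under **Passphrase Rules**, as an added example that is not E2E's own code: it checks a passphrase against the stated rules and generates a compliant one from a CSPRNG before you paste it into the **Enable Encryption** step. The page does not list which special characters are accepted, so both character sets below are assumptions.

```python
import math
import secrets
import string

MIN_LEN, MAX_LEN = 8, 12  # "8 to 12 characters", from the passphrase rules

# Assumption: the portal's accepted special characters are not documented.
# The checker treats any ASCII punctuation as special; the generator only
# emits this conservative subset. Adjust both to what the portal accepts.
CHECK_SPECIALS = string.punctuation
GEN_SPECIALS = "!@#$%^&*-_=+"
ALPHABET = string.ascii_letters + string.digits + GEN_SPECIALS


def policy_errors(passphrase: str) -> list:
    """Return the stated rules that the passphrase breaks (empty if compliant)."""
    errors = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        errors.append("length must be 8 to 12 characters")
    if not any(c in string.ascii_lowercase for c in passphrase):
        errors.append("needs a lowercase letter")
    if not any(c in string.ascii_uppercase for c in passphrase):
        errors.append("needs an uppercase letter")
    if not any(c in CHECK_SPECIALS for c in passphrase):
        errors.append("needs a special character")
    return errors


def generate_passphrase(length: int = MAX_LEN) -> str:
    """Draw uniformly from ALPHABET with a CSPRNG; redraw until the rules hold,
    which keeps the result uniform over all compliant strings."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be 8 to 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_errors(candidate):
            return candidate


def max_entropy_bits(length: int = MAX_LEN) -> float:
    """Upper bound on entropy of a random passphrase of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"upper bound at {MAX_LEN} chars: {max_entropy_bits():.1f} bits")
```

Because the length is capped at 12, use the full 12 characters and generate the value randomly rather than choosing it by hand.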