Data encryption - CodeArtifact

Data encryption

Encryption is an important part of CodeArtifact security. Some encryption, such as for data in transit, is provided by default and does not require you to do anything. Other encryption, such as for data at rest, you can configure when you create your project or build.

  • Encryption of data at rest - All assets stored in CodeArtifact are encrypted by using AWS KMS keys (KMS keys). This includes all assets in all packages in all repositories. One KMS key is used for each domain to encrypt all its assets. By default, an AWS managed KMS key is used, so you do not need to create a KMS key. If you want, you can use a customer-managed KMS key that you create and configure. For more information, see Creating keys and AWS Key Management Service concepts in the AWS Key Management Service User Guide. You can specify a customer-managed KMS key when you create a domain. For more information, see Working with domains in CodeArtifact.

  • Encryption of data in transit - All communication between customers and CodeArtifact and between CodeArtifact and its downstream dependencies is protected using TLS encryption.
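
Because each domain has exactly one KMS key and the default is an AWS managed key, it is worth checking which kind of key each domain actually uses. The following is an added example, not part of the AWS documentation: it assumes boto3 clients for CodeArtifact and AWS KMS in the domain's Region, and the finding labels are this example's own.

```python
"""Report which kind of KMS key encrypts each CodeArtifact domain."""


def check_key(kms, key_arn):
    """Classify one domain key using the KMS DescribeKey metadata."""
    if not key_arn:
        return "no-key-reported"
    try:
        meta = kms.describe_key(KeyId=key_arn)["KeyMetadata"]
    except Exception as exc:  # e.g. access denied on a key in another account
        return "key-unreadable: " + type(exc).__name__
    # A disabled or pending-deletion key cannot decrypt the domain's assets.
    if meta.get("KeyState") != "Enabled":
        return "key-not-usable: " + str(meta.get("KeyState"))
    # KeyManager is "AWS" for AWS managed keys, "CUSTOMER" for your own keys.
    if meta.get("KeyManager") == "CUSTOMER":
        return "customer-managed"
    return "aws-managed"


def classify_domain_keys(codeartifact, kms):
    """Return {domain name: finding} for every domain the caller can list.

    Both arguments are boto3 clients (or stand-ins exposing list_domains and
    describe_key). They must target the same Region, because a domain and
    its KMS key live in one Region.
    """
    findings = {}
    token = None
    while True:
        kwargs = {"nextToken": token} if token else {}
        page = codeartifact.list_domains(**kwargs)
        for dom in page.get("domains", []):
            findings[dom["name"]] = check_key(kms, dom.get("encryptionKey"))
        token = page.get("nextToken")
        if not token:
            return findings


if __name__ == "__main__":
    import boto3  # requires AWS credentials and a configured Region

    result = classify_domain_keys(boto3.client("codeartifact"),
                                  boto3.client("kms"))
    for name, finding in sorted(result.items()):
        print(name, finding)
```
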