Tablestore provides multiple features related to data security to ensure data security. This topic describes the features.
AccessKey pair security
Tablestore allows you to use the V4 signature algorithm to protect your AccessKey pair. Tablestore uses the derived key generated by the V4 signature algorithm instead of the AccessKey pair for identity authentication to reduce the risk of AccessKey pair leakage. For more information, see AccessKey pair security.
Data encryption
Tablestore supports the disk encryption feature to prevent attackers from bypassing databases. For more information, see Data encryption. Tablestore supports encryption methods, such as encryption based on a Key Management Service (KMS) key and encryption based on Bring Your Own Key (BYOK).
In addition, Tablestore supports encryption based on the Transport Layer Security (TLS) protocol. Data transmission between the Tablestore server and the client is encrypted based on the TLS protocol. For more information, see Restrict the TLS versions that can be used to access a Tablestore instance.
Network security
By default, you can access a Tablestore instance in the Tablestore console or by using the classic network endpoint or virtual private cloud (VPC) endpoint. You can bind VPCs to a Tablestore instance and set the Access Type parameter to Bound VPCs to allow access only from the bound VPCs. This ensures network access security. For more information, see Network security management.
