This topic describes how to configure disk encryption for an ApsaraDB RDS for SQL Server instance equipped with standard or enhanced SSDs. The disk encryption feature provides maximum protection for your data without interruptions to your business or the need to make changes to your application.


The disk encryption feature encrypts the entire disks of your RDS instance based on block storage. Your data cannot be cracked even if it is leaked.


  • Your RDS instance is being created. Disk encryption cannot be enabled after your RDS instance is created. For more information, see Create an RDS SQL Server instance.
  • The Standard SSD or Enhanced SSD storage type is selected for your RDS instance. For more information, see Storage types.
  • Your RDS instance resides in the China (Shanghai) or China (Hangzhou) region.


The disk encryption feature is free of charge. You do not need to pay additional fees for the read or write operations you perform on encrypted disks.


  • The disk encryption feature cannot be disabled after you enable it.
  • After you enable disk encryption for your RDS instance, both the snapshots generated by that RDS instance and the new RDS instances created from those snapshots are automatically encrypted.


Create an RDS SQL Server instance with the Standard SSD or Enhanced SSD storage type and the Disk Encryption option selected. Then, select a key used for data encryption.

Note For more information, see Manage CMKs.