All Products
Search
Document Center

ApsaraMQ for RocketMQ:Disk encryption

Last Updated:Jun 04, 2026

Message Queue for Apache RocketMQ Disk Encryption protects messages at rest, enhancing data security for Message Queue for Apache RocketMQ instances.

Background

Message Queue for Apache RocketMQ Disk Encryption keeps messages encrypted at rest, protecting sensitive data in finance, social media, e-commerce, and other security-critical applications.

Limitations

  • Disk Encryption is available only for Message Queue for Apache RocketMQ V5.x Enterprise Platinum Edition instances.

  • You can enable Disk Encryption only when you create an instance.

  • Your Disk Encryption key must be a Key Management Service (KMS) key created in the same region as your instance.

  • Once enabled, Disk Encryption cannot be disabled.

    Important

    If the KMS instance expires, the key becomes unusable.

  • If the encryption key or its required tag (acs:rocketmq:instance-encryption) is deleted, read and write operations on the Message Queue for Apache RocketMQ instance fail.

Prerequisites

Procedure

  1. Log on to the ApsaraMQ for RocketMQ console.

  2. In the top navigation bar, select a region, such as China (Hangzhou).

  3. On the Instances page, click Create Instance. In the Create Message Queue for Apache RocketMQ Instance panel, select V5.0 for Instance Version, select a Product Type, and then click OK.

    Disk Encryption for Message Queue for Apache RocketMQ supports these billing methods:

    • Subscription: Monthly prepaid for the computing specification.

    • Pay-as-you-go: Hourly billing for the computing specification.

  4. On the purchase page, select the instance specifications, click Calculating, and complete the payment.

    Use these example values to configure the instance. Instance selection describes all available parameters.

    Parameter

    Value

    Primary edition

    Enterprise Platinum Edition

    Sub-category edition

    Cluster High-availability Edition (Recommended for Production Environments)

    Computing specification

    rmq.s2.2xlarge

    VPC ID

    vpc-bp1cg09dua6sgh0******

    The ID of the VPC created in the prerequisites.

    vSwitch ID

    vsw-bp1vqb0p9nz3irz******

    The ID of the vSwitch created in the prerequisites.

    Internet access

    Disable

    Resource Group

    The default Resource Group.

    Disk Encryption

    Enable

    Disk encryption key

    key-hzz66c8207****

    The ID of the key created in the prerequisites.