ApsaraMQ for RocketMQ provides the disk encryption feature to ensure the security and privacy of messages stored on disk. You can use the feature in fields such as social media, finance, and e-commerce.
Usage notes
Only ApsaraMQ for RocketMQ 5.x Enterprise Platinum Edition instances support disk encryption.
You can enable disk encryption only when you create an instance. After disk encryption is enabled, you cannot disable it.
The disk encryption key you create in Key Management Service (KMS) must reside in the same region as your ApsaraMQ for RocketMQ instance.
If the corresponding KMS instance expires, you can no longer use the disk encryption key.
If you delete the disk encryption key or remove the acs:rocketmq:instance-encryption tag from the key, the ApsaraMQ for RocketMQ instance loses the ability to read or write messages.
Prerequisites
Before you enable disk encryption, make sure the following resources are ready:
A virtual private cloud (VPC) and a virtual switch (vSwitch) are created. For more information, see Create a VPC and a vSwitch.
A security group is created. For more information, see Create a security group.
A disk encryption key is created in KMS. For more information, see Create a key. The key must meet all of the following requirements:
Type: symmetric key
Specification: Aliyun_AES_256 or Aliyun_SM4
Usage: ENCRYPT/DECRYPT
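The following added example (not part of the ApsaraMQ for RocketMQ documentation or any Alibaba Cloud SDK) checks a key's metadata against the key requirements above and the conditions in the usage notes, both before instance creation and as a recurring check afterwards. The dict field names, the sample values and the 30-day warning window are assumptions; map your own KMS inventory export onto them.

```python
from datetime import datetime, timedelta, timezone

ALLOWED_SPECS = {"Aliyun_AES_256", "Aliyun_SM4"}     # Prerequisites: Specification
REQUIRED_USAGE = "ENCRYPT/DECRYPT"                   # Prerequisites: Usage
ENCRYPTION_TAG = "acs:rocketmq:instance-encryption"  # tag named in the usage notes


def check_key(key, instance_region, in_use, now, warn_days=30):
    """Return a list of findings; an empty list means the key passes.

    key: dict with assumed field names (type, spec, usage, region, tags,
    kms_instance_expires), or None if the key no longer exists.
    in_use=False is the check before instance creation; in_use=True is the
    recurring check for a key that already backs an instance.
    """
    if key is None:
        return ["key not found: a deleted key leaves the instance unable to read or write messages"]
    findings = []
    if key.get("type") != "symmetric":
        findings.append("type must be symmetric")
    if key.get("spec") not in ALLOWED_SPECS:
        findings.append(f"spec {key.get('spec')!r} is not one of {sorted(ALLOWED_SPECS)}")
    if key.get("usage") != REQUIRED_USAGE:
        findings.append(f"usage must be {REQUIRED_USAGE}")
    if key.get("region") != instance_region:
        findings.append(f"key region {key.get('region')!r} differs from instance region {instance_region!r}")
    if in_use and ENCRYPTION_TAG not in key.get("tags", {}):
        findings.append(f"tag {ENCRYPTION_TAG} is missing from the key")
    expires = key.get("kms_instance_expires")
    if expires is not None:
        if expires <= now:
            findings.append("KMS instance has expired: the key can no longer be used")
        elif expires - now <= timedelta(days=warn_days):
            findings.append(f"KMS instance expires in {(expires - now).days} days")
    return findings


# Constructed sample data (not real resources; the tag value is a placeholder).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
GOOD_KEY = {"type": "symmetric", "spec": "Aliyun_AES_256", "usage": "ENCRYPT/DECRYPT",
            "region": "cn-hangzhou", "tags": {ENCRYPTION_TAG: ""},
            "kms_instance_expires": NOW + timedelta(days=200)}
DRIFTED_KEY = {**GOOD_KEY, "tags": {}, "kms_instance_expires": NOW + timedelta(days=10)}

if __name__ == "__main__":
    for name, key in [("good", GOOD_KEY), ("drifted", DRIFTED_KEY), ("deleted", None)]:
        print(name, check_key(key, "cn-hangzhou", in_use=True, now=NOW))
```

Because disk encryption cannot be disabled after creation, running the `in_use=True` check on a schedule gives early warning of a missing tag or an expiring KMS instance before the instance loses access to its messages.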
Procedure
Log on to the ApsaraMQ for RocketMQ console.
In the top navigation bar, select a region, such as China (Hangzhou).
On the Instances page, click Create Instance. In the Create Message Queue for Apache RocketMQ Instance panel, configure the following settings and then click OK:
Setting: Value
Instance Version: V5.0
Billing Method: Subscription or Pay-as-you-go (see descriptions below)
Subscription: You pay upfront based on the computing specification and subscription duration (in months) that you select.
Pay-as-you-go: Fees are charged based on the computing specification that you select and the actual usage duration (in hours) of the instance.
On the buy page, select the instance specifications and click Buy Now. Follow the on-screen instructions to complete the payment. The following table describes the key parameters. For details about available specifications, see Instance selection.
Parameter: Example
Primary Edition: Enterprise Platinum Edition
Sub-category Edition: Cluster High-availability Edition (Recommended for Production Environments)
Computing Specification: rmq.s2.2xlarge
VPC ID: vpc-bp1cg09dua6sgh0****** (the VPC you created in the "Prerequisites" section)
VSwitch ID: vsw-bp1vqb0p9nz3irz****** (the vSwitch you created in the "Prerequisites" section)
Internet Access: Disable
Resource Group: The default resource group is selected in this example.
Disk Encryption: Enable
Disk Encryption Key: key-hzz66c8207**** (the KMS key you created in the "Prerequisites" section)