Encryption at Rest + in Transit

GENERALArchitecture
Encryption at Rest + in Transit — GENERAL architecture diagram

About This Architecture

Comprehensive encryption architecture showing TLS 1.3 and mTLS for in-transit encryption between clients and application servers, with KMS-managed envelope encryption (DEK + KEK) protecting databases, object stores, and block storage at rest.

Architecture prompt

Comprehensive encryption architecture showing TLS 1.3 and mTLS for in-transit encryption between clients and application servers, with KMS-managed envelope encryption (DEK + KEK) protecting databases, object stores, and block storage at rest.

Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.

Generate your own architecture diagram →

Diagrams.so

About This Architecture

Comprehensive encryption architecture showing TLS 1.3 and mTLS for in-transit encryption between clients and application servers, with KMS-managed envelope encryption (DEK + KEK) protecting databases, object stores, and block storage at rest.

Encryption at Rest + in Transit

AutoCurated TemplateSecurity
2 views0 favoritesPublic

Created by

February 8, 2026

Updated

April 9, 2026 at 12:23 AM

Type

architecture

Need a custom architecture diagram?

Describe your architecture in plain English and get a production-ready Draw.io diagram in seconds. Works for AWS, Azure, GCP, Kubernetes, and more.

Generate with AI