Encryption at Rest + in Transit
Comprehensive encryption architecture showing TLS 1.3 and mTLS for in-transit encryption between clients and application servers, with KMS-managed envelope encryption (DEK + KEK) protecting databases, object stores, and block storage at rest.
general · architecture diagram.
Comprehensive encryption architecture showing TLS 1.3 and mTLS for in-transit encryption between clients and application servers, with KMS-managed envelope encryption (DEK + KEK) protecting databases, object stores, and block storage at rest.
Created by
February 8, 2026
Updated
February 13, 2026 at 5:47 PM
Type
architecture
Describe your architecture in plain English and get a production-ready Draw.io diagram in seconds. Works for AWS, Azure, GCP, Kubernetes, and more.
