Encryption

In Transit

• TLS 1.2+ for client-server and service-service communication
• HSTS and modern ciphers for transport hardening

At Rest

• encrypted storage at provider-managed and application-managed layers
• key management with periodic rotation

Operational Controls

• strict secret handling practices
• audited key access and least-privilege scopes