The following encryption is always provided in IBM Event Streams:
- Network connections into the Event Streams deployment from external clients are secured using TLS.
- Kafka replication between brokers is also TLS encrypted.
Consider the following for encryption as well:
- Internal Kafka listeners can be configured with or without encryption as described in configuring access.
- The REST producer endpoint can be configured with or without encryption as described in configuring access.
In addition, you can supplement the existing data encryption with disk encryption where supported by your chosen storage provider. You can also encrypt messages within your applications before producing them.