General availability: Encryption at host support in AKS
Published date: 25 May, 2021
With host-based encryption, the data stored on the AKS agent nodes is encrypted at rest. This capability provides an additional measure of security as the data is end-to-end encrypted.
This means the temp disks are encrypted at rest with platform-managed keys. The cache of OS and data disks is encrypted at rest with either platform-managed keys or customer-managed keys depending on the encryption type set on those disks.