diff --git a/pods/storage/types.mdx b/pods/storage/types.mdx
index 7658ddd3..287aa368 100644
--- a/pods/storage/types.mdx
+++ b/pods/storage/types.mdx
@@ -28,6 +28,23 @@ The container disk provides temporary storage for the operating system and sessi
 
 The volume disk provides persistent storage that is retained throughout the Pod's lease. Data stored in the `/workspace` directory survives Pod stops and restarts, but is deleted when the Pod is terminated. This is ideal for storing models, datasets, and checkpoints that you need to access across multiple sessions.
 
+### Encrypted volumes
+
+You can encrypt your volume disk to protect sensitive data. When encryption is enabled, the volume is encrypted at rest on the host machine, and only your Pod can access the data.
+
+To enable encryption when creating a Pod:
+
+- **Web interface**: Select the **Encrypt volume** checkbox in the Pod creation flow.
+- **API**: Pass a `volumeKey` parameter to the Pod creation mutation (`podFindAndDeployOnDemand`, `podRentInterruptable`, or similar). The key must be alphanumeric and between 1-30 characters.
+
+<Warning>
+Your encryption key cannot be retrieved, and bring your own key is not supported. Runpod securely stores your key and passes it only to your container image at runtime.
+</Warning>
+
+<Note>
+Encryption applies to volume disk and network volumes. Container disk cannot be encrypted.
+</Note>
+
 ## Network volume
 
 Network volumes provide permanent storage that exists independently from any Pod. You can attach a network volume to multiple Pods, transfer it between machines, and retain your data even after deleting a Pod. This makes network volumes ideal for shared datasets, collaborative workflows, and portable storage.