From dcb72907db6489f28f1a7e9b12f8deabc3cb5e76 Mon Sep 17 00:00:00 2001 From: "promptless[bot]" Date: Wed, 15 Apr 2026 19:05:20 +0000 Subject: [PATCH 1/3] Add encrypted volumes documentation to storage types page Document how to enable volume disk encryption via the web interface and API, including key format requirements and security considerations. --- pods/storage/types.mdx | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pods/storage/types.mdx b/pods/storage/types.mdx index 7658ddd3..57abda7f 100644 --- a/pods/storage/types.mdx +++ b/pods/storage/types.mdx 
@@ -28,6 +28,23 @@ The container disk provides temporary storage for the operating system and sessi The volume disk provides persistent storage that is retained throughout the Pod's lease. Data stored in the `/workspace` directory survives Pod stops and restarts, but is deleted when the Pod is terminated. This is ideal for storing models, datasets, and checkpoints that you need to access across multiple sessions. +### Encrypted volumes + +You can encrypt your volume disk to protect sensitive data. When encryption is enabled, the volume is encrypted at rest on the host machine, and only your Pod can access the data. + +To enable encryption when creating a Pod: + +- **Web interface**: Select the **Encrypt volume** checkbox in the Pod creation flow. +- **API**: Pass a `volumeKey` parameter to the Pod creation mutation (`podFindAndDeployOnDemand`, `podRentInterruptable`, or similar). The key must be alphanumeric and between 1-30 characters. + + +Your encryption key cannot be retrieved after Pod creation. If you lose the key, you will not be able to recover data from the encrypted volume. + + + +Encryption applies to volume disk only. Container disk and network volumes cannot be encrypted. + + ## Network volume Network volumes provide permanent storage that exists independently from any Pod. You can attach a network volume to multiple Pods, transfer it between machines, and retain your data even after deleting a Pod. This makes network volumes ideal for shared datasets, collaborative workflows, and portable storage. From 0dfdfd5bff0b09a8782517e07dd3cc2b997260a9 Mon Sep 17 00:00:00 2001 From: "promptless[bot]" <179508745+promptless[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 19:13:59 +0000 Subject: [PATCH 2/3] Update from greg.wester@runpod.io --- pods/storage/types.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pods/storage/types.mdx b/pods/storage/types.mdx index 57abda7f..d6e5c031 100644 --- a/pods/storage/types.mdx 
+++ b/pods/storage/types.mdx @@ -38,7 +38,7 @@ To enable encryption when creating a Pod: - **API**: Pass a `volumeKey` parameter to the Pod creation mutation (`podFindAndDeployOnDemand`, `podRentInterruptable`, or similar). The key must be alphanumeric and between 1-30 characters. -Your encryption key cannot be retrieved after Pod creation. If you lose the key, you will not be able to recover data from the encrypted volume. +Your encryption key cannot be retrieved, and bring your own key is not supported. Runpod securely stores your key and passes it only to your container image at runtime. From b3b88d0df32c8db86c574510282bb1d31b9bae8a Mon Sep 17 00:00:00 2001 From: "promptless[bot]" <179508745+promptless[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 19:14:56 +0000 Subject: [PATCH 3/3] Update from greg.wester@runpod.io --- pods/storage/types.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pods/storage/types.mdx b/pods/storage/types.mdx index d6e5c031..287aa368 100644 --- a/pods/storage/types.mdx +++ b/pods/storage/types.mdx @@ -42,7 +42,7 @@ Your encryption key cannot be retrieved, and bring your own key is not supported -Encryption applies to volume disk only. Container disk and network volumes cannot be encrypted. +Encryption applies to volume disk and network volumes. Container disk cannot be encrypted. ## Network volume
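Review bot: In PATCH 1/3, the API bullet gives the `volumeKey` constraint as "alphanumeric and between 1-30 characters" with no guidance on key strength, so a reader can conclude that a one-character key is acceptable for data the same section calls sensitive. Suggest adding a sentence that recommends a randomly generated key at the full 30-character length. The phrase "or similar" should also be replaced with the exact list of mutations that accept `volumeKey`, since the text as written does not let a reader tell which ones do.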
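Review bot: In PATCH 2/3, the replacement sentence "bring your own key is not supported" sits directly under the unchanged API bullet that tells the user to pass a `volumeKey` parameter, and the two read as contradictory. Suggest stating what distinguishes the two, for example who holds the key after Pod creation. The same edit removes the warning that a lost key means unrecoverable data without saying whether that is still the case. Since the new text says "Runpod securely stores your key", the earlier claim that "only your Pod can access the data" also needs qualifying to reflect that the provider holds the key.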
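Review bot: In PATCH 3/3, the new line "Encryption applies to volume disk and network volumes" reverses the previous statement, but the enablement steps in this section still cover only Pod creation (the **Encrypt volume** checkbox and `volumeKey` on the Pod creation mutations), and the `## Network volume` section in the trailing context is unchanged. Suggest adding how encryption is enabled for a network volume, or a link to where that is documented, and stating whether the same key format applies.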