Heroku data services now accept customer-managed encryption keys

Change effective on 06 May 2020

You can now encrypt Heroku Postgres, Redis, and Kafka with your own key.

With Bring Your Own Key (BYOK), create a key in your AWS KMS account to encrypt your Heroku Private or Shield data service, its backups, and any forks and followers. Disable the key to render your data inaccessible.

Use of this feature is optional. If you do not supply your own key, Heroku continues to create the key and manage its lifecycle for our data services.