> ## Documentation Index
> Fetch the complete documentation index at: https://docs.karta.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Data isolation

> Per-tenant encryption at rest with customer-managed or Karta-managed keys, crypto-shredding, and an immutable access audit.

Data isolation encrypts your agents' durable content at rest under
partition-specific key material. With a customer-managed key, you can make the
content permanently unrecoverable by revoking or destroying the key without
touching the stored data itself. With a Karta-managed per-tenant key, Karta
enforces the same partition boundary and crypto-shredding control on your behalf.

It covers the content Karta keeps for you between sessions: a karta's durable
workspace and its data-plane conversation history.

<Note>
  Data isolation is configured per organization, and can be scoped to a finer
  **isolation partition** within an organization when you serve multiple brands or
  business units that must stay cryptographically separate. Each partition gets its
  own key.
</Note>

## Encryption at rest under partition keys

Every durable store is encrypted with **AES-256-GCM**. Karta uses envelope
encryption: each record is sealed with a short-lived data key, and that data key
is wrapped by the partition's **master key**. Your content is never encrypted
directly under the master key, so rotating or revoking the master key acts on the
small wrapped keys rather than on gigabytes of stored content.

Each record's encryption is bound to its exact context: the organization, the
isolation partition, the karta, and the field it belongs to. Content sealed in
one context cannot be moved, replayed, or substituted into another.

## Customer-managed keys

<Columns cols={2}>
  <Card title="Bring your own key" icon="key">
    Point Karta at a key in your own cloud KMS (a customer-managed key, or CMK).
    Karta is granted scoped use of the key and never holds custody, so you can
    withdraw that access at any time.
  </Card>

  <Card title="Karta-managed key" icon="key-skeleton">
    For a lighter setup, Karta can hold a dedicated per-tenant key on your
    behalf, with the same tenant-level separation and the same revoke and audit
    controls.
  </Card>
</Columns>

## Crypto-shredding

Because your content is only ever readable through the partition key, controlling
that key controls the data.

<CardGroup cols={2}>
  <Card title="Revoke (reversible)" icon="ban">
    Suspend access to the partition key. Your content immediately becomes
    unreadable and any in-flight work for that partition stops. Re-enable access
    and it is readable again. Nothing was destroyed.
  </Card>

  <Card title="Delete (permanent)" icon="trash">
    Destroy the key. The encrypted content remains on disk but can never be
    decrypted again, by anyone. You erase the data by erasing its key, instantly
    and irreversibly.
  </Card>
</CardGroup>

Crypto-shredding gives you a clean answer to deletion and right-to-erasure
obligations: one key action renders an isolation partition's content
unrecoverable everywhere it is stored, with no need to locate and scrub every
copy.

<Warning>
  Key deletion is irreversible. Once the key is gone, the content it protected
  cannot be recovered. Treat it as the permanent erasure control it is.
</Warning>

## Operator access

With data isolation on, an operator with access to the underlying storage sees
only ciphertext. With a customer-managed key, Karta cannot read protected content
without access to your KMS key, and you decide when that access exists. With a
Karta-managed per-tenant key, key use stays scoped to the tenant partition and is
audited; customer-managed keys are the option for unilateral revocation.

## Rotate keys without re-encrypting your data

Rotate your master key on whatever schedule your policy requires. Rotation
re-wraps the small data keys under the new master key; your stored content is
never rewritten. Content encrypted before a rotation stays readable throughout,
and you choose when to retire the old key version.

## Tamper and rollback resistance

Durable content is authenticated, so a modified or substituted record fails to
decrypt rather than returning altered data. A tamper-evident record of the latest
committed state refuses any attempt to roll your durable workspace or data-plane
conversation history back to an earlier version, or to reorder or drop messages.

## Immutable access audit

Every key use and every content access is written to an append-only audit trail.
The trail records the operation, the partition, and the outcome using opaque
identifiers only, never your content. You get a verifiable record of what touched
your data and when, including reads that did not require a fresh key operation.
