Capella has introduced a new feature called Customer-Managed Encryption Keys (CMEK), which empowers businesses to enhance their data protection by managing their encryption keys independently. CMEK allows customers to use self-managed encryption keys for encrypting and decrypting data at rest, providing them control over security aspects like encryption algorithms and key rotation policies. This feature is particularly beneficial for businesses dealing with highly sensitive data and needing to comply with strict security regulations. The CMEK system is integrated into Capella through the Management API and is available for AWS and GCP clusters, allowing customers to associate CMEK with existing or new clusters. The process involves creating a key in a cloud-native Key Management Service (KMS), configuring it for encryption and decryption, ensuring regional compatibility, and updating key access policies. Capella facilitates the key's integration with clusters, including key rotation for enhanced security, while maintaining the clusters' operational health and avoiding downtime during key changes.