Bring your own key (BYOK)

[jeff-matthews]

Summary by CodeRabbit

• Documentation
  • Reorganized enterprise security overview with improved heading hierarchy for clearer structure.
  • Added "Bring Your Own Key (BYOK) Encryption" section describing encryption-at-rest behavior and considerations.
  • Included operational guidance: prerequisites, cross-account setup workflow, and key management topics (availability, rotation, cost, migration).
  • Minor formatting cleanup for consistency.

Staging

https://specterops-bp-2585-bring-your-own-key.mintlify.app/get-started/security-boundaries/enterprise-security-overview#bring-your-own-key-encryption

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4272f708-a9bc-4638-8fc6-5b15c7d75149

📥 Commits

Reviewing files that changed from the base of the PR and between 16cc90e and 81fe899.

📒 Files selected for processing (1)

• docs/get-started/security-boundaries/enterprise-security-overview.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/get-started/security-boundaries/enterprise-security-overview.mdx

---

Walkthrough

Documentation restructured by promoting several headings and expanded with a new "Bring Your Own Key Encryption" subsection explaining BYOK-at-rest, considerations, prerequisites, and a step-by-step setup workflow.

Changes

Documentation Restructuring & BYOK Encryption Guide

Layer / File(s)	Summary
Section hierarchy promotions docs/get-started/security-boundaries/enterprise-security-overview.mdx	Promoted "Introduction and Architecture" and "AWS Datacenter Security" headings to higher levels; restructured "Customer Data Storage and Separation" into clearer sections: "Separation of Customer Data", "Data Backup and Retention", and "Customer Data Security".
Bring Your Own Key (BYOK) subsection docs/get-started/security-boundaries/enterprise-security-overview.mdx	Added BYOK-at-rest description, "Important Considerations" (availability, rotation, cost, migration), "Prerequisites", and a step-by-step "Setup Process" covering CMK creation, cross-account access configuration, providing the Key ARN, and tenant provisioning coordination.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibble docs by lantern light,
I hop through headings, set them right.
A polished section, BYOK in place,
Keys held close, encryption's embrace.
A little hop — secure the space! 🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Bring your own key (BYOK)' directly matches the main feature being documented in the pull request - a new BYOK encryption subsection with operational guidance.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch BP-2585-bring-your-own-key

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

docs/get-started/security-boundaries/enterprise-security-overview.mdx (1)

13-19: ⚡ Quick win

Promote “Customer Data Residency and Subprocessors” to a real heading

That line is currently plain body text, so it won’t appear in navigation/TOC and breaks the section pattern.

Suggested edit

- Customer Data Residency and Subprocessors
+ ### Customer Data Residency and Subprocessors

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/get-started/security-boundaries/enterprise-security-overview.mdx` around
lines 13 - 19, The line "Customer Data Residency and Subprocessors" is plain
text and should be a heading so it appears in the TOC; change that line into an
appropriate heading (e.g., add "### " or "#### " before the text) directly after
the <Frame> block so it becomes a real Markdown/MDX heading (reference the
existing heading "Single-Tenant Architecture Diagram" to choose the correct
level) and ensure spacing/newline is correct so the MDX parser recognizes it as
a heading.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docs/get-started/security-boundaries/enterprise-security-overview.mdx`:
- Around line 13-19: The line "Customer Data Residency and Subprocessors" is
plain text and should be a heading so it appears in the TOC; change that line
into an appropriate heading (e.g., add "### " or "#### " before the text)
directly after the <Frame> block so it becomes a real Markdown/MDX heading
(reference the existing heading "Single-Tenant Architecture Diagram" to choose
the correct level) and ensure spacing/newline is correct so the MDX parser
recognizes it as a heading.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4cb1cc95-8e6f-48ac-8789-bb06ebe2f8f9

📥 Commits

Reviewing files that changed from the base of the PR and between 14cfa5b and 16cc90e.

📒 Files selected for processing (1)

• docs/get-started/security-boundaries/enterprise-security-overview.mdx

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
bloodhound	🟢 Ready	View Preview	May 1, 2026, 7:09 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[slokie-so]

LGTM