Durability, Security, and Reliability


Wasabi is Durable

Wasabi is designed to provide 99.999999999% (11 × 9s) durability of objects over a given year. For more details on durability and Wasabi's data protection capabilities, review Data Protection With Wasabi Hot Cloud Storage.

Wasabi recommends having a backup and putting safeguards in place to protect against malicious actions and accidental user errors. This best-practice approach includes secure access permissions and regularly tested backups. Additionally, Wasabi provides durability and compliance at the bucket level to prohibit deletion of the data in a bucket.

Your Data is Secure

All data stored in Wasabi Hot Cloud Storage is secure and encrypted at rest, even if the data is already encrypted by the storage application before sending it to Wasabi. Wasabi follows industry-best security models and security design practices. Examples of Wasabi security features include:

  • HTTPS is supported for secure upload/download of data.

  • Buckets are only accessible to the bucket and object creators.

  • Wasabi supports user authentication to control access to data.

  • Access control mechanisms such as bucket policies and access control lists (ACLs) can be used to selectively grant permissions to users and groups of users.

For additional information on Wasabi security, review Wasabi Cloud Storage Security.

Wasabi's Methods for Encryption at Rest

Additional information on Wasabi’s encryption at rest, also known as DARE or data-at-rest encryption, is provided below.

Wasabi system software always encrypts object data before it is written to a disk drive. Encryption is done using a 256-bit AES key that can be provided in two different ways:

  • If the S3 client application provides an encryption key in the S3 PUT Object Data REST request (the SSE-C approach described in Using Server-Side Encryption With Customer-Provided Keys (SSE-C)), that key is used to encrypt the object data before writing to disk. After the PUT Object operation is completed, the key is discarded. The S3 client application must provide the same encryption key in an S3 GET Object REST request to access the data. The Wasabi system software does not keep a copy of the encryption key, and it is only stored temporarily in memory while the object is being encrypted. For more information on how SSE-C works with Wasabi, review SSE-C Encryption With Wasabi.

  • If no key is provided by the S3 client application (meaning SSE-C is not used), a random 256-bit AES key is generated using a cryptographic random routine in Wasabi software. A different encryption key is generated for each object stored in the system. This 256-bit AES key is stored in the metadata secure layer of the Wasabi system until you delete that object, and is used again for decryption when you make a GET call for your object(s). That way, you get the same data back in your native format.
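Because the SSE-C key is discarded after the PUT, the client is the only place it exists. The following is an added example, not Wasabi's code: it builds the request headers a client sends on both PUT Object and GET Object and checks a stored key against a recorded key digest. It assumes the standard S3 SSE-C header names; the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: standard S3 SSE-C header prefix, used by S3-compatible services.
PREFIX = "x-amz-server-side-encryption-customer-"


def new_sse_c_key() -> bytes:
    """Generate a 256-bit key from the OS CSPRNG. The client must keep it."""
    return secrets.token_bytes(32)


def _key_md5_b64(key: bytes) -> str:
    # MD5 is only a transmission check on the key here, not a security control.
    digest = hashlib.md5(key, usedforsecurity=False).digest()
    return base64.b64encode(digest).decode("ascii")


def sse_c_headers(key: bytes) -> dict:
    """Headers for PUT Object and GET Object; send them over HTTPS only."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 32-byte (256-bit) key")
    return {
        PREFIX + "algorithm": "AES256",
        PREFIX + "key": base64.b64encode(key).decode("ascii"),
        PREFIX + "key-MD5": _key_md5_b64(key),
    }


def key_matches(candidate: bytes, recorded_key_md5: str) -> bool:
    """True if candidate is the key whose key-MD5 was recorded at upload."""
    return hmac.compare_digest(_key_md5_b64(candidate), recorded_key_md5)


if __name__ == "__main__":
    key = new_sse_c_key()                      # constructed sample key
    put_headers = sse_c_headers(key)
    recorded = put_headers[PREFIX + "key-MD5"]  # safe to keep beside the object name
    print("same key usable for GET:", key_matches(key, recorded))
    print("wrong key detected:", not key_matches(new_sse_c_key(), recorded))
```

Recording the key-MD5 value at upload time lets a client confirm it still holds the right key before issuing a GET, without storing the key itself next to the object inventory.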

Wasabi is Reliable

The Wasabi infrastructure has been built using industry best practices for redundancy in storage region and data center design.