Skip to main content

ADR-007: Data Residency via Regional Isolation and KMS Keys

Status: Accepted
Date: 2026-02-07

Context

Enterprise tenants require data residency guarantees and isolation of sensitive data.

Decision

Deploy per-region clusters with tenant data pinned to a residency region and encrypted with per-tenant KMS keys.

Consequences

Clear compliance posture for residency requirements.
Increased operational complexity across regions.
Requires routing and tenant provisioning logic in control plane.

Context
Decision
Consequences