diff --git a/modules/ROOT/pages/security/encryption.adoc b/modules/ROOT/pages/security/encryption.adoc
index b2c2b0e39..007760100 100644
--- a/modules/ROOT/pages/security/encryption.adoc
+++ b/modules/ROOT/pages/security/encryption.adoc
@@ -84,6 +84,11 @@ When using a Customer Managed Key within Aura to encrypt one or more Aura databa
 If you no longer need to use this Customer Managed Key to encrypt Aura databases, first delete the Aura database instances that are encrypted with the key, then you can remove the key from Aura.
 Keep in mind that this process only breaks the link between the key and Aura - it does not delete the actual key from the Cloud KMS.
 
+== Region requirements
+
+The Customer Managed Key must be created in the same region as your Aura instance. 
+This applies to AWS, Azure, and GCP.
+
 == AWS keys
 
 === Create an AWS key