A technology is described for applying an encrypted customer security rule set to an application firewall. An example method may include obtaining an encrypted customer security rule from a shared data store for use by an application firewall that operates at an entry point to a computing service environment that utilizes security rules to monitor, filter, and manipulate network traffic. The customer encryption key used to decrypt the encrypted customer security rule in volatile computer memory may be obtained from a key data store and the encrypted customer security rule may be decrypted in the volatile computer memory using the customer encryption key, thereby forming a corresponding unencrypted customer security rule in the volatile computer memory. A volatile computer memory location containing the unencrypted customer security rule may be provided to the application firewall to enable the unencrypted customer security rule to be applied by the application firewall.