A self-encrypting drive (SED) comprises an SED controller and a nonvolatile storage medium (NVSM) responsive to the SED controller. The SED controller enables the SED to perform operations comprising: (a) receiving an encrypted media encryption key (eMEK) for a client; (b) decrypting the eMEK into an unencrypted media encryption key (MEK); (c) receiving a write request from the client, wherein the write request includes data to be stored and a key tag value associated with the MEK; (d) using the key tag value to select the MEK for the write request; (e) using the MEK for the write request to encrypt the data from the client; and (f) storing the encrypted data in a region of the NVSM allocated to the client. Other embodiments are described and claimed.