Aspects of a storage device are provided that perform partial decryption of host encrypted data and encryption of host provided data using received or generated keys for data targeted for compute services. The storage device may include a non-volatile memory and a controller. The controller may receive encrypted data, receive a key associated with a portion of the encrypted data, and decrypt the portion of the encrypted data based on the key without decrypting a remainder of the encrypted data. The controller may also receive data, receive or generate a key associated with a portion of the data, encrypt the portion of the data based on the key without encrypting a remainder of the data based on the key, and store the encrypted portion of the data in the non-volatile memory for subsequent decryption. As a result, a balance between encrypted data storage and decrypted data security may be achieved.