Data may be securely stored onto a shippable data storage device in order for the client data to be protected during shipment to the remote storage service provider. The service provider prepares a shippable storage device and ships it to the client. The service provider also sends client-keys and security information to the client, separate from the shippable storage device. A client-side data transfer tool authenticates the shippable storage device using the security information. The data transfer tool generates keys to encrypt the customer data. The data transfer tool then uses the client-keys received from the service provider to encrypt the tool-generated keys. The encrypted data and the encrypted tool-generated keys are transferred onto the shippable storage device. The shippable storage device is then shipped back to the service provider, which decrypts the tool-generated keys and the encrypted data before importing the data.