To preserve the integrity of customer data present in its devices in Ukraine, Russia, and Belarus, Cloudflare has removed the customer encryption keys out of the data centers.
The services will continue to operate in the regions using Keyless SSL technology, which allows encryption sessions to be terminated in a secure data center away from where there may be a risk of compromise.
In addition, of any of the servers in Ukraine, Belarus, or Russia lose power or connectivity to the Internet, they have been configured them to brick themselves. Bricked machines will not be able to be booted unless a secure, machine-specific key that is not stored on site is entered.
The Cloudflare blog