EventStoreDB Ideas Portal

Ideas for improvements and new features in EventStoreDB, client libraries, and database extensions.

Status Shipped
Workspace EventStoreDB
Categories Compliance Security
Created by Alexey Zimarev
Created on Jan 4, 2024

Encryption At Rest

Encryption at rest is a feature that won't be immensely popular, but those who need it won't be able to use ESDB without it. Some certifications like HIPAA require encryption at rest.

Encrypting data directly in the database is different from using encrypted volumes, which are easy to implement in all modern cloud environments. The issue with encrypted volumes is that when the machine is running, everyone who has access to the machine can read the data stored in the database. When the database itself is encrypted, and the key isn't stored anywhere on the machine, obtaining sensitive data from the database would be a very hard task.


The feature should allow using private certificate management services, so the database would need to know how to get the cert and the key, and avoid storing them on disk.
