How do I encrypt EventStore on disc?

xposting from the stack:

There seems to be a thread from 2 years ago, but if this has been covered here, I couldn’t find it.

For my sins, I’m responsible for databases that store Personally Identifiable Information and possible HIPAA-protected data.

So this data needs to be stored encrypted both in transit and at rest.

We currently use MSSQL Enterprise with TDE.

We are looking at EventStore. Among our questions are: how do we encrypt it? How do we back it up? How do we retain encryption even when backed up?

I would like to do the encryption below the application level. Vormetric and Gazzang seem to offer options for encrypting virtual devices or disc partitions, but neither seems to solve the backup encryption as simply as using a technology like MSSQL’s TDE.

We really want to use EventStore. I’m hoping there’s a good solution I have been too thick to appreciate yet.

Put it on an encrypted file system?

There are a few options.

  1. Do it at the filesystem level. This is a well-solved problem.

  2. Do it at the application level and store only encrypted data. This will work fine so long as you don’t need to load the data into JS projections internally.
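
Option 2 from the reply above, as an added example that is not part of the original thread and not EventStore's own code: the payload is encrypted with AES-256-GCM (Node's built-in `crypto`) before it is written, so the store and any backup of it hold only ciphertext. The in-memory key, the `sealEvent`/`openEvent` names and the sample event are assumptions made for the illustration.

```javascript
const crypto = require("node:crypto");

// Constructed demo key (assumption). A real deployment fetches it from a
// KMS/HSM and keeps it out of the database and out of its backups.
const key = crypto.randomBytes(32);

// Encrypt the payload. Stream id and event type stay readable, but are bound
// to the ciphertext as AES-GCM additional authenticated data (AAD).
function sealEvent(key, streamId, eventType, payload) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every event
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(`${streamId}\n${eventType}`, "utf8"));
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(payload), "utf8"),
    cipher.final(),
  ]);
  // This object is what gets appended to the stream (and lands in backups).
  return {
    eventType,
    data: {
      iv: iv.toString("base64"),
      ct: ct.toString("base64"),
      tag: cipher.getAuthTag().toString("base64"),
    },
  };
}

// Decrypt after reading back. Throws if the ciphertext, the tag, the stream
// id or the event type differ from what was sealed.
function openEvent(key, streamId, stored) {
  const { iv, ct, tag } = stored.data;
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(iv, "base64"));
  decipher.setAAD(Buffer.from(`${streamId}\n${stored.eventType}`, "utf8"));
  decipher.setAuthTag(Buffer.from(tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, "base64")), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample event, not real data.
const sample = { name: "Jane Doe", note: "constructed sample" };
const stored = sealEvent(key, "record-42", "RecordUpdated", sample);
console.log(JSON.stringify(stored));               // `data` holds only base64 fields
console.log(openEvent(key, "record-42", stored));  // original payload
```

A projection running inside the store sees only the `iv`, `ct` and `tag` fields of `data`, which is the limitation the reply points out.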