by rozenmd 538 days ago
Do they hate that it's unencrypted in the DB, or that the DB's storage itself is unencrypted?

(for my business, anyway) I've found this wording to be enough for bigger customers:

Data is stored on AWS RDS, encrypted at rest by an industry standard AES-256 encryption algorithm (more on that here: https://aws.amazon.com/rds/features/security/)


My main problem is that I need to do operations on the data while it's in the DB. This means that I cannot leave it encrypted end-to-end there.
When RDS is encrypted at rest, it means that the data stored in the database is encrypted while it resides on disk. This means that the data is protected against unauthorised access to raw storage.

The data accessed by the app is not encrypted; you can still work on the data as you would usually do. It's mostly a compliance thing. Not sure what level of security it _actually_ brings to the data itself, but most companies are okay with "encryption at rest".

Encryption at rest is meant to protect data when the storage device is stolen or lost.
Sure you can. You just can’t do zero knowledge encryption.
How is that possible?