Encrypting Postgres Data at Rest in Kubernetes

These automatically encrypted disks with managed keys in the clouds are nice to check the "encrypted at rest" checkbox for security audits but I think that they add little security. In most scenarios I can think of, both the data and the keys will be accessible to the attacker. And the ones where the attacker would have access to only the encrypted data seems very unlikely, like physical access to the data center with the knowledge of where is physically stored the data. But I would be gladly proven wrong.

Am I the only one enforcing a strict no database in kubernetes policy ?

Was hoping for something a little more profound than "use an encrypted storageclass for your volumes".

Tangentially related: what&#x27;s state-of-the-art for data protection &amp; access control for small organizations? One runs into the &quot;someone&#x27;s gotta be trusted with the master keys&quot; problem there so early &amp; often that all the &quot;big&quot; solutions feel silly. Do small shops just farm this out via SaaS and hope their provider&#x27;s doing the right thing?<p>(the answer back in the day, and perhaps still, was just &quot;they don&#x27;t really worry about it at all, and hope nothing goes wrong&quot;)

This post was really laying it on a bit thick on the marketing, with three mentions of their own products before even finishing the introduction. I know that’s the point of most of these posts but then when the content was also a product, it’s too much. Pass.