fix(rbd): enc at rest (#3516)

managed-databases/postgresql-and-mysql/concepts.mdx

@@ -53,6 +53,17 @@ A Database Instance is a managed database service created upon a custom base ima
 
 A [snapshot](/managed-databases/postgresql-and-mysql/how-to/manage-snapshots/) is a consistent, instantaneous copy of the Block Storage volume of your Database Instance at a certain point in time. They are designed to recover your data in case of failure or accidental alterations of the data by a user. They allow you to quickly create a new Instance from a previous state of your database, regardless of the size of the volume. Their limitation is that, unlike backups, snapshots can only be stored in the same location as the original data.
 
+## Encryption at rest
+
+Encryption at rest allows you to permanently encrypt your database data. The data is encrypted at volume level using [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup). At Scaleway `aes-xts-plain64` is used as the default. The management of the encryption key is done by Scaleway.
+
+When you enable encryption at rest, you cannot disable it after database creation. All databases, data (including logs), and snapshots will be encrypted. Logical backup encryption is not currently available.
+
+During the beta phase, you can enable encryption on an existing Database Instance by opening a request via a [support ticket](https://console.scaleway.com/support).
+
+Enabling encryption means your database data will be copied into a new, encrypted block volume. This takes approximately 1 hour per 100 GB of storage. When switching volumes, expect a few seconds of downtime towards the end of the copying process.
+
+
 ## Endpoint
 
 A point of connection to a database. The endpoint is associated with an IPv4 address and a port, and contains the information of whether the endpoint is read-write or not.

managed-databases/postgresql-and-mysql/how-to/create-a-database.mdx

@@ -36,6 +36,14 @@ Compared to traditional database management, which requires customers to provide
         <Message type="important">
           You can upgrade a standalone node to High Availability after Database Instance creation, but not the opposite.
         </Message>
+    - Enable [encryption at rest](/managed-databases/postgresql-and-mysql/concepts/#encryption-at-rest) if you want to ensure the permanent encryption of your database data.
+        <Message type="important">
+          When you enable encryption at rest, you cannot disable it after database creation. All databases, data (including logs), and snapshots will be encrypted. Logical backup encryption is not currently available.
+          <br /><br />
+          During the beta phase, you can enable encryption on an existing Database Instance by opening a request via a [support ticket](https://console.scaleway.com/support).
+          <br /><br />
+          Enabling encryption means your database data will be copied into a new, encrypted block volume. This takes approximately 1 hour per 100 GB of storage. When switching volumes, expect a few seconds of downtime towards the end of the copying process.
+        </Message>
     - Select a node type.
     - Choose your storage type and capacity. Two types of storage are available:
         - **Basic Block Storage** - With this type, your storage is decoupled from your compute resources. You can increase your storage space without changing your node type. You can define your storage capacity by entering the desired amount in the box. The volume can be increased up to 10 TB.