From be08ce52fd3ecf76dc38d7e7d297cffff469caf7 Mon Sep 17 00:00:00 2001
From: ldecarvalho-doc <82805470+ldecarvalho-doc@users.noreply.github.com>
Date: Wed, 31 Jul 2024 10:25:03 +0200
Subject: [PATCH] fix(rbd): enc at rest (#3516)
---
managed-databases/postgresql-and-mysql/concepts.mdx | 11 +++++++++++
.../postgresql-and-mysql/how-to/create-a-database.mdx | 8 ++++++++
2 files changed, 19 insertions(+)
diff --git a/managed-databases/postgresql-and-mysql/concepts.mdx b/managed-databases/postgresql-and-mysql/concepts.mdx
index 3a20d25b2f..73cbfd3ae0 100644
--- a/managed-databases/postgresql-and-mysql/concepts.mdx
+++ b/managed-databases/postgresql-and-mysql/concepts.mdx
@@ -53,6 +53,17 @@ A Database Instance is a managed database service created upon a custom base ima
A [snapshot](/managed-databases/postgresql-and-mysql/how-to/manage-snapshots/) is a consistent, instantaneous copy of the Block Storage volume of your Database Instance at a certain point in time. They are designed to recover your data in case of failure or accidental alterations of the data by a user. They allow you to quickly create a new Instance from a previous state of your database, regardless of the size of the volume. Their limitation is that, unlike backups, snapshots can only be stored in the same location as the original data.
+## Encryption at rest
+
+Encryption at rest allows you to permanently encrypt your database data. The data is encrypted at volume level using [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup). At Scaleway `aes-xts-plain64` is used as the default. The management of the encryption key is done by Scaleway.
+
+When you enable encryption at rest, you cannot disable it after database creation. All databases, data (including logs), and snapshots will be encrypted. Logical backup encryption is not currently available.
+
+During the beta phase, you can enable encryption on an existing Database Instance by opening a request via a [support ticket](https://console.scaleway.com/support).
+
+Enabling encryption means your database data will be copied into a new, encrypted block volume. This takes approximately 1 hour per 100 GB of storage. When switching volumes, expect a few seconds of downtime towards the end of the copying process.
+
+
## Endpoint
A point of connection to a database. The endpoint is associated with an IPv4 address and a port, and contains the information of whether the endpoint is read-write or not.
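Review bot: In the first paragraph of the new "Encryption at rest" section, "At Scaleway `aes-xts-plain64` is used as the default" names the cipher mode but not the key size, and "as the default" implies the reader can pick something else although no option is documented. Suggest stating the key size next to the mode, and either dropping "as the default" or saying where the cipher can be changed. The same paragraph says key management "is done by Scaleway" without saying whether keys are per Database Instance or are ever rotated; one sentence on that would help readers with compliance requirements. "you cannot disable it after database creation" also sits awkwardly beside the paragraph on enabling encryption for an existing Database Instance; "once enabled, it cannot be disabled" would cover both cases. Minor: the hunk adds two consecutive blank lines before "## Endpoint".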
diff --git a/managed-databases/postgresql-and-mysql/how-to/create-a-database.mdx b/managed-databases/postgresql-and-mysql/how-to/create-a-database.mdx
index 389b6b8e62..fd1987814f 100644
--- a/managed-databases/postgresql-and-mysql/how-to/create-a-database.mdx
+++ b/managed-databases/postgresql-and-mysql/how-to/create-a-database.mdx
@@ -36,6 +36,14 @@ Compared to traditional database management, which requires customers to provide
You can upgrade a standalone node to High Availability after Database Instance creation, but not the opposite.
+ - Enable [encryption at rest](/managed-databases/postgresql-and-mysql/concepts/#encryption-at-rest) if you want to ensure the permanent encryption of your database data.
+
+ When you enable encryption at rest, you cannot disable it after database creation. All databases, data (including logs), and snapshots will be encrypted. Logical backup encryption is not currently available.
+
+ During the beta phase, you can enable encryption on an existing Database Instance by opening a request via a [support ticket](https://console.scaleway.com/support).
+
+ Enabling encryption means your database data will be copied into a new, encrypted block volume. This takes approximately 1 hour per 100 GB of storage. When switching volumes, expect a few seconds of downtime towards the end of the copying process.
+
- Select a node type.
- Choose your storage type and capacity. Two types of storage are available:
- **Basic Block Storage** - With this type, your storage is decoupled from your compute resources. You can increase your storage space without changing your node type. You can define your storage capacity by entering the desired amount in the box. The volume can be increased up to 10 TB.
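Review bot: The three paragraphs under the new "Enable encryption at rest" bullet are a verbatim copy of the text added to concepts.mdx in this same patch, so the two pages will drift apart as soon as the beta terms change. Suggest keeping the bullet with its link and the warning that encryption cannot be disabled, and leaving the rest to the concepts page. The paragraphs about enabling encryption on an existing Database Instance and the 1 hour per 100 GB copy do not apply to someone creating a new database, so those are the ones to drop from this step. "Logical backup encryption is not currently available" is the caveat most worth keeping here, because it tells the user that logical backups stay unencrypted even after opting in.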