Looking at the FAQ, it mentions that CockroachDB supports encryption in transport via TLS, however I am unable to find any mention of encryption at rest–that is, is the data in the database itself encrypted on disk? If not, I feel that this is a very important feature to support. You can encrypt the transport all you want, but if the data isn’t encrypted at rest, then it’s mostly for naut.
Is this currently supported? If so, how does one configure it? If not, is it planned?