> On May 22, 2023, at 13:06, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote: > As I understand TDE whether you can get to the files is not really the point. It is that someone/thing can and if they do the files are encrypted. Pretty sure RDS is not magical enough to have no access from any source to the file system. That is true. (One of the reasons that TDE in cloud hosting is generally a regulatory issue, not really a technical one.) That being said, RDS does allow the underlying EBS volume to be encrypted, and you can do "bring your own key" using their keystores.
