Encrypted at rest

[ekr]

RECOMMENDATION: In the case where metadata has to be persisted for functionality, it should be stored encrypted at rest and then decrypted during the execution. Applications should also consider anonymous systems for server fanout (for example {{Loopix}}).

How does this really help to encrypt it at rest? The keys need to be readily available to provide the functionality.

[beurdouche]

Correct, I updated and relocated that recommendation.