That is one of the reasons why I encrypt every drive.
Only the boot partition has to be unencrypted; the rest has to be encrypted.
It is part of the "data is toxic" approach.
I'm not willing to spend time tracing what data is stored where - db, rabbitmq/mnesia, kafka, what else.
Even if I did, how am I supposed to wipe it if those tools, during operation, probably remove old data in rm style instead of shred-ding?
Some of my clients consider their internal network configuration to be sensitive, so even my /etc/hosts is toxic.
IMO you have to either encrypt everything or be prepared to physically destroy your HDDs with a drill.
100% agree, and encrypting is better than physically destroying, because your hardware might just get stolen (or confiscated), at which point it's a bit hard to physically destroy them.
For anyone worried about the overhead of encrypting for writes and decrypting for reads: barely noticeable for me (though I don't do very IO intensive things).