Currently, EVE does not have data-at-rest security capabilities; these are being designed and implemented. While EVE provides capabilities or building blocks like file system encryption, it is up to the EVE Controller to stitch them together and make use of them to achieve a security goal. For this, EVE needs to define its interface towards the EVE Controller and provide a way to define security policies from the Controller. This proposal defines such an interface.

Use cases 

Assuming that EVE provides a capability to store some files in an encrypted filesystem:
a) A user might want to run the Edge Containers out of this secure file system, so that data stored by these Edge Containers is encrypted at rest. A user might do this to prevent an attacker from reading the application data if the EVE node is stolen or the drive is taken out.
b) A user might also wish to store sensitive parts of the EVE configuration (e.g. image data store credentials) under this secure file system, so that they stay encrypted at rest.

Proposed change in the EVE Provisioning Workflow

...