Filed from the IronCache pre-implementation coverage audit (2026-06-13): no existing issue adequately owned this.
Why this is needed
IronCache writes plaintext keyspace bytes to disk in three places: forkless snapshots/diskless-sync base records (#60), the mmap warm-restart state file (#62), and cold values spilled to flash in the RAM->SSD tier (#66). All persist on media that can be stolen, hypervisor-snapshotted, or read host-locally, yet #22 specifies only in-transit TLS. Decide the at-rest posture: optional envelope encryption with a configured/KMS key, AEAD over segment/page records, key rotation interacting with the manifest (#63) and warm-restart pointer fixup, and the throughput cost so it stays off the hot path and opt-in (matching the ephemeral-by-default stance #59). #60/#66/#63 define the on-disk formats but none mention encryption; #84's systemd hardening is process sandboxing, not file encryption; #5 records this as an open gap.
Context
Relates to / partially overlaps #60. Part of the vision EPIC #1.
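An added example (not IronCache code, and not a format defined by any of the referenced issues) of the envelope layout the paragraph above asks to decide on, in Go with only the standard library: a KEK wraps a per-file DEK, records are sealed under the DEK with their segment and slot as associated data, and rotation rewraps only the DEK. The function names, the AAD encoding and the choice of AES-256-GCM with random nonces are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte KEK or DEK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// AAD (assumed encoding) binds a blob to its place: (segment, slot) for a record, (0, KEK id) for the DEK.
func AAD(a uint64, b uint32) []byte { return []byte(fmt.Sprintf("%d/%d", a, b)) }

// Seal returns nonce||ciphertext||tag; aad is authenticated but not stored in the blob.
func Seal(g cipher.AEAD, plaintext, aad []byte) []byte {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe fallback without fresh randomness
	}
	return g.Seal(nonce, nonce, plaintext, aad)
}

// Open fails unless the key, the sealed bytes and the aad all match what Seal was given.
func Open(g cipher.AEAD, sealed, aad []byte) ([]byte, error) {
	if len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("sealed blob shorter than nonce")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// Rewrap rotates the KEK: only the wrapped DEK changes, data records stay as written.
func Rewrap(wrapped []byte, oldKEK, newKEK cipher.AEAD, oldID, newID uint32) ([]byte, error) {
	dek, err := Open(oldKEK, wrapped, AAD(0, oldID))
	if err != nil {
		return nil, err
	}
	return Seal(newKEK, dek, AAD(0, newID)), nil
}

func main() {
	kek, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	fmt.Printf("%x\n", Seal(kek, []byte("cold value"), AAD(7, 0)))
}
```

With random 96-bit nonces, NIST SP 800-38D limits one key to 2^32 seal operations, which is a reason to scope a DEK to a single file or segment rather than the whole keyspace.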