Currently, Keycloak stores information in the database in clear text (apart from passwords).
Some legal constraints require some of the critical database data to be encrypted at rest.
Transparent Data Encryption (TDE) protects your critical data by enabling data-at-rest encryption in the database. It protects the privacy of your information, prevents data breaches and helps meet regulatory requirements including:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
For example, MySQL provides TDE encryption, like many other DB vendors.
The requirement is to have Keycloak working with Transparent Data Encryption (TDE) in the same way as it works when the database is in clear text.
It would be good to provide documentation examples explaining how to encrypt some of the attributes, like username/password/email/last name/first name, for some database providers.
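
As an illustration of the kind of documentation example requested above, the following MySQL session (an added example, not part of the original request or of Keycloak's documentation) turns on InnoDB data-at-rest encryption for the tables holding username, email, first/last name and credentials. It assumes MySQL 8.0.16 or later, a keyring plugin already loaded at server startup, a schema named `keycloak`, and Keycloak's default table names; adjust these to your deployment.

```sql
-- Added example. Assumptions: MySQL 8.0.16+, schema `keycloak`,
-- default Keycloak table names, file-per-table tablespaces.

-- 1. TDE needs a keyring holding the master key. If no row comes back
--    as ACTIVE, ALTER TABLE ... ENCRYPTION='Y' below will fail.
--    (Deployments using a keyring component check
--    performance_schema.keyring_component_status instead.)
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'keyring%';

-- 2. Make encryption the default for the schema, so tables that later
--    Keycloak schema migrations create are encrypted as well.
ALTER SCHEMA keycloak DEFAULT ENCRYPTION = 'Y';

-- 3. Encrypt the existing tables that hold the attributes named above.
--    Each statement rebuilds the table; plan for the I/O on large realms.
ALTER TABLE keycloak.USER_ENTITY    ENCRYPTION = 'Y';  -- username, email, first/last name
ALTER TABLE keycloak.USER_ATTRIBUTE ENCRYPTION = 'Y';  -- custom user attributes
ALTER TABLE keycloak.CREDENTIAL     ENCRYPTION = 'Y';  -- hashed passwords, OTP secrets

-- 4. Table encryption alone leaves copies of row data in the redo, undo
--    and binary logs. Encrypt those too.
SET PERSIST innodb_redo_log_encrypt = ON;
SET PERSIST innodb_undo_log_encrypt = ON;
SET PERSIST binlog_encryption       = ON;

-- 5. Verify: every tablespace in the schema should report ENCRYPTION = 'Y'.
--    Any 'N' row is a table still stored in clear text on disk.
SELECT NAME, ENCRYPTION
  FROM INFORMATION_SCHEMA.INNODB_TABLESPACES
 WHERE NAME LIKE 'keycloak/%'
 ORDER BY ENCRYPTION, NAME;

-- 6. Rotate the master key on your compliance schedule. This re-encrypts
--    only the tablespace keys, not the table data, so it is fast.
ALTER INSTANCE ROTATE INNODB MASTER KEY;
```

Because the encryption is transparent, Keycloak's JDBC configuration does not change, and any database account with SELECT on these tables still reads clear text. TDE covers the data files, logs and backups of those files, not access through the SQL layer.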