What is Encryption at rest (EAR)?
Database stores data in its own format on the disk. While the data looks obscure to the humans, it can be de-obfuscated and altered with some effort. This poses a risk if malicious user has direct access to the disk, which can bypass the database ACL system to access and alter the data. EAR is the method to encrypt the data on disk (at rest) using an encryption key, which makes this attack impossible. Data is encrypted right before writing to the disk and decrypted right after reading from the disk.External reference