From 21d8bfb12d1935c0ef908d9cd96df54e8192bd47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Wed, 11 Aug 2021 16:09:25 +0200 Subject: [PATCH 1/2] TDE-log-redaction --- encryption-at-rest.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/encryption-at-rest.md b/encryption-at-rest.md index 251a31f12d3be..8c16d56ffebb4 100644 --- a/encryption-at-rest.md +++ b/encryption-at-rest.md @@ -20,7 +20,7 @@ The current version of TiKV encryption has the following drawbacks. Be aware of * TiFlash supports encryption at rest since v4.0.5. For details, refer to [Encryption at Rest for TiFlash](#encryption-at-rest-for-tiflash-new-in-v405). When deploying TiKV with TiFlash earlier than v4.0.5, data stored in TiFlash is not encrypted. * TiKV currently does not exclude encryption keys and user data from core dumps. It is advised to disable core dumps for the TiKV process when using encryption at rest. This is not currently handled by TiKV itself. * TiKV tracks encrypted data files using the absolute path of the files. As a result, once encryption is turned on for a TiKV node, the user should not change data file paths configuration such as `storage.data-dir`, `raftstore.raftdb-path`, `rocksdb.wal-dir` and `raftdb.wal-dir`. -* TiKV info log contains user data for debugging purposes. The info log and this data in it are not encrypted. +* TiKV, TiDB and PD info logs can contain user data for debugging purposes. The info log and this data in it are not encrypted. It is advised to enable [Log Redaction](/log-redaction.md). ## TiKV encryption at rest From 477e80ca6da1390ea3069dbc98208bdd50783aa2 Mon Sep 17 00:00:00 2001 From: TomShawn <41534398+TomShawn@users.noreply.github.com> Date: Thu, 12 Aug 2021 09:54:10 +0800 Subject: [PATCH 2/2] minor fix --- encryption-at-rest.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/encryption-at-rest.md b/encryption-at-rest.md index 8c16d56ffebb4..554100b9f3a12 100644 
--- a/encryption-at-rest.md +++ b/encryption-at-rest.md @@ -20,7 +20,7 @@ The current version of TiKV encryption has the following drawbacks. Be aware of * TiFlash supports encryption at rest since v4.0.5. For details, refer to [Encryption at Rest for TiFlash](#encryption-at-rest-for-tiflash-new-in-v405). When deploying TiKV with TiFlash earlier than v4.0.5, data stored in TiFlash is not encrypted. * TiKV currently does not exclude encryption keys and user data from core dumps. It is advised to disable core dumps for the TiKV process when using encryption at rest. This is not currently handled by TiKV itself. * TiKV tracks encrypted data files using the absolute path of the files. As a result, once encryption is turned on for a TiKV node, the user should not change data file paths configuration such as `storage.data-dir`, `raftstore.raftdb-path`, `rocksdb.wal-dir` and `raftdb.wal-dir`. -* TiKV, TiDB and PD info logs can contain user data for debugging purposes. The info log and this data in it are not encrypted. It is advised to enable [Log Redaction](/log-redaction.md). +* TiKV, TiDB, and PD info logs might contain user data for debugging purposes. The info log and this data in it are not encrypted. It is recommended to enable [log redaction](/log-redaction.md). ## TiKV encryption at rest
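Review bot: In the added line of PATCH 1/2, the second sentence still reads "The info log and this data in it are not encrypted" although the first sentence now covers the info logs of three components (TiKV, TiDB and PD). Suggest "The info logs and the user data in them are not encrypted." The list this bullet belongs to is also introduced as drawbacks of "TiKV encryption", so a bullet that now speaks about TiDB and PD logs deserves a short word on why those components appear here, or a move to a more general place in the document.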
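Review bot: In PATCH 2/2 the switch from "It is advised" to "It is recommended" is applied only to the log bullet; the unchanged core-dump bullet two lines above it still says "It is advised to disable core dumps for the TiKV process", so the list now mixes both wordings. Suggest aligning that bullet in the same commit, and expanding the subject "minor fix" to say that this is a wording and style change to the log redaction bullet.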