From my searching it appears that there is still no ability to encrypt "data at rest", only during communications. It has been mentioned that this is on the roadmap.
I am referring to on-premise hosting of Elasticsearch, not cloud based.
Is this still on the roadmap? If so, any indication of when it may come along?