Oops. Indeed, I read too fast 
!
My bad.
For server-side encryption (at rest), looks like it’s this way in the doc.
We have a list of partners that could be a start to find the golden egg. I can’t do much more here I’m afraid.
Hopefully someone else has more details. 