...
/persist/vault - encrypted top-level directory for the parts needing encrypted
/persist/novault clear - alternative for the parts not needing encryption (currently this is only proposed for volumes where encryption incurs some overhead for running ECOs).
...
In /persist/vault/volumes/ and /persist/novaultclear/volumes
The naming of the volumes will be <volumeUUID>#<generation counter> for VM and container-based ones.
...
Volumes which should not be encrypted (TBD: we need to add a boolean to the volume config API for that) will be placed in /persist/novaultclear/volumes
Content addressable storage
...