diff --git a/terraform/veda-wfs3/rds.tf b/terraform/veda-wfs3/rds.tf
index d54bf83..e6b5cc5 100644
--- a/terraform/veda-wfs3/rds.tf
+++ b/terraform/veda-wfs3/rds.tf
@@ -58,6 +58,7 @@ resource "aws_db_instance" "db" {
   backup_retention_period  = 7
   username                 = "postgres"
   password                 = var.db_password
+  storage_encrypted        = var.db_encrypted
   allow_major_version_upgrade = true
   parameter_group_name     = aws_db_parameter_group.default.name
 }
diff --git a/terraform/veda-wfs3/variables.tf b/terraform/veda-wfs3/variables.tf
index 7645237..9d459e9 100755
--- a/terraform/veda-wfs3/variables.tf
+++ b/terraform/veda-wfs3/variables.tf
@@ -37,6 +37,12 @@ variable "db_password" {
   sensitive   = true
 }
 
+variable "db_encrypted" {
+  description = "Whether RDS storage should be encrypted"
+  type        = bool
+  default     = false
+}
+
 variable "dns_zone_name" {
 }