Runtime de/encryption

[Marco]

Hello List,

i'am using the geom framework for quite a time. I'am happy about
gbde/geli implementations(beside the race condition in geli) however, i
wonder since some time, as the data may get
exposed on a running server(as the partitions decrypted) is there a way
to do some kind of runtime de/encyrption, with keys? so that only
special users with the right handle can encrypt or decrypt data? so
talking about another filesystem layer...
Anyone?

Best regards,
 Marco