Encryption at rest (AES-GCM).

To meet FIPS 140-3, I can't roll my own crypto; I have to use a validated module.

I actually only link OpenSSL on Linux, and then only if it's in FIPS-mode. On Windows (CNG) and macOS (CoreCrypto), I use the native OS primitives to avoid the dependency and keep the binary small.