Can we override the way data gets stored in elasticsearch

Is there a way to override how the data is stored in elasticsearch? I want to encrypt the data just before elasticsearch writes it to file system and just before sending the search query to file-system send the encrypted value. Is there any extension point which can be overridden? Can I override any of the Lucene processor which does this?

Objective is to store encrypted data.

Yes, no need to adjust anything in Elasticsearch or Lucene however, the recommended extension point for encrypting data on disk is the device mapper. In other words, use dm-crypt.

1 Like

Thanks David, but as you said, when using dm-crypt, data is encrypted on disk. Someone who is accessing the VM can still get the data. Is it possible to make sure the data is encrypted at OS level?

If someone can access the VM they can extract the data (or the encryption keys) from Elasticsearch directly, no matter whether the encryption happens within Elasticsearch or within the device mapper.

1 Like

I did not think that way. You are right David. :smiley:

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.