Is there a way to override how the data is stored in elasticsearch? I want to encrypt the data just before elasticsearch writes it to file system and just before sending the search query to file-system send the encrypted value. Is there any extension point which can be overridden? Can I override any of the Lucene processor which does this?
Yes, no need to adjust anything in Elasticsearch or Lucene however, the recommended extension point for encrypting data on disk is the device mapper. In other words, use dm-crypt.
Thanks David, but as you said, when using dm-crypt, data is encrypted on disk. Someone who is accessing the VM can still get the data. Is it possible to make sure the data is encrypted at OS level?
If someone can access the VM they can extract the data (or the encryption keys) from Elasticsearch directly, no matter whether the encryption happens within Elasticsearch or within the device mapper.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.