Data at rest encryption. Is it coming for Elasticsearch?

security

(Ashley) #1

From my searching it appears that there is still no ability to encrypt "data at rest", only during communications. It has been mentioned that this is on the roadmap.

I am referring to on-premise hosting of Elasticsearch, not cloud based.

Is this still on the roadmap? If so, any indication of when it may come along?


(Steve Kearns) #2

Hi Ashley,

Encryption at rest is a feature on our security roadmap. We're currently chatting with customers and users about the detailed requirements. If you're familiar with the technical details of your requirements, can you share them?

cc @jaymode who will be interested in hearing as well.

Thanks,
Steve


(Paul Targett) #3

Hi, what happened with this thread? We also have a requirement to have the data encrypted at rest. We provide SaaS into the health and social care sector and would like to use Elastic Search for search. Can provide more detail and interested in the current position.

@jaymode


Encrypted at rest files
(Animageofmine) #4

@skearns

+1 to this requirement.


(Tim Vernum) #5

We just released 5.3.0.
As of that release, we now support encryption at rest via dm-crypt.

If that does not suit your use-case, then pleas let us know your requirements so that we can consider them in our future roadmap.


(Animageofmine) #6

As far as I understand dm-crypt is disk level encryption.

What we are particularly looking for is to be able to encrypt each index using a key that our customers provide in order to be able to support data isolation. This helps us get more business from federal and other customers who want encryption enabled using their own encryption key.

Look forward to hearing from you soon.


(system) #7