Data encryption


(Slava G ) #1

Hi,
Is there any option to store index data encrypted ?

Best Regards.


(Shay Banon) #2

No...

On Sat, Dec 10, 2011 at 5:48 PM, slavag slavago@gmail.com wrote:

Hi,
Is there any option to store index data encrypted ?

Best Regards.


(Slava G ) #3

No - never, or not now and planed for the future ?


(Nick Hoffman) #4

I would think that it's not planned. If the indexes are encrypted, how
would you search them? You'd have to decrypt all of the fields that are
being searched, store that in memory, execute the search query, then delete
the unencrypted data from memory. That doesn't make any sense.

What problem are you trying to solve?


(Slava G ) #5

The problem is that sensitive data (even index data) is being stored as
plain text and could be leaked.
For this (but not only) I'm not storing _source field.


(Michael Sick) #6

Nothing stopping you from encrypting at the file system level. Likely there
will be a perf hit but I'm guessing ES will be fine.

On Sat, Dec 10, 2011 at 12:31 PM, slavag slavago@gmail.com wrote:

The problem is that sensitive data (even index data) is being stored as
plain text and could be leaked.
For this (but not only) I'm not storing _source field.


(Slava G ) #7

Yes, this could be an option.
Thank You.


(Shay Banon) #8

Yea, file system level encryption is definitely an option. There is an
option to encrypt the index files themselves and decrypt (block wise) when
searching, though it will come at a performance hit and requires
implemented it.

On Sat, Dec 10, 2011 at 8:12 PM, slavag slavago@gmail.com wrote:

Yes, this could be an option.
Thank You.


(system) #9