Encrypt the index data?


(Xudong You) #1

We are providing search service to one of our customer who requires that the index data on our cluster must be encrypted because the index contains many secrete data which they don't want anyone know the content unless he/she has credential. When doing the query, they will pass cert or credential to De-crypt the indexed data.

That is, the data in ES shard is encrypted, and ES shall Decrypt the data in each shard and doing the searching.

Does ES support this functionality?


#2

I Suggestion that you do not give your customer es search service directly,
you can give a web service as stand, where you can use search origin data and give the custom encryped data , and the custom decryped the data themself


(David Pilato) #3

Do you mean that files must be encrypted in case the physical disk is stolen?

If so you must secure your disk on a OS file system level. IIRC dm-crypt is what you need in that case.

If you want to authenticate people and let them having access to some fields or not, then xpack (commercial plugin) is your friend.


(Xudong You) #4

The requirement is not finalized yet, but so far my understand of the requirement is, that even we directly query the index from ES endpoint, we can only see the encrypted content in ES response.

It is something like store encrypted data in DB and event DB admin cannot see the original content without encryption key.

Is it possible in ES?


(David Pilato) #5

we can only see the encrypted content in ES response.

I'd ask that specific question in #x-pack to see what are the exact options you have.

It is something like store encrypted data in DB and event DB admin cannot see the original content without encryption key.

I believe we don't support that. The data is stored and indexed in clear. Communication between nodes and clients can be encrypted with x-pack though but as I said at the end if the client is allowed to query, he will get back a clear answer.

Unless you decide to not store the _source field and just store some encrypted fields but index only clear fields. That might be a handmade option if this is really needed.


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.