Encrypted Index

I have a scenario where i have confidential data saved as employee records/financial records shouldn't be accessible to one another, unless they have the key to access it. Can this be achieved with ES?

1)I am looking for encrypted index having data which will fetch data only for the associated access key or else it will fetch junk values/bad request.
2)And since I'm thinking of using ES as backend to another application, can this also be achieved with API calls?

Please Help! Thanks !!

Here are a few things that you can think and decide what you want to do

  1. If you are thinking about using ES as storage, the answer is no, use something else

  2. I've seen other approach where the actual data or value to a field is encrypted first before it gets indexed by ES. If you take this approach, you have to think about how to search. I would not recommend to go with this either.

  3. Since ES is a search engine, not a database or a filesystem, it will index data that you insert into to it. You can use the mapping to tell ES to index data but don't store, that means when you look into the index, you don't see "readable data" at all. When you do this, store the content somewhere else such as local file system, a database, something like Mongo GridFS, etc... that way you can encrypt the content before storing it. When your users search for info, the system can tell the users if there are hits or not with minimum info. When they select a search result to view, they have to provide a key either automatically based on their credentials or manually (it depends on how you want to build your system) then the system can use this key to decrypt the data for viewing.

  4. Another option here is putting the restriction how you want users to view the data. I think ES has a product called Shield (it has a new name now in v5) that you can use.

If I were you, I would take a look at option 3 and 4, not 1 and 2.

2 Likes

Take a look at Credeon (Hitachi). They had a booth at ElastiCon 2016 in SF.

http://www.hitachi-solutions.com/securesearch/

From talking with the person at the booth, they support ES also.

Hi thn
I am having the scenario to encrypt passwords (or other data) before saving it in ElasticsearchDB
using nodejs is this possible? how can I acheive this ? please help me
Thanks in advance

I don't use nodejs but with a quick search, you can find the following links

for encryption: https://www.npmjs.com/package/crypto-js

for elasticsearch: https://www.npmjs.com/package/elasticsearch

1 Like

Thank you thn...Found it as useful to me...

Hi thn
Do u have any idea of encrypting some user data like mailid,name,mobile number
in elastisearch index Directly using sense plugin.