Encrypting data at Rest is achievable

Hi

I would like to point out after reading through several closed discussions in this forum that encryption at Rest is achievable but AFAIK not implemented (yet). Some discussions in this forum refer to this problem and the functionality is deemed as not implemented.

However the functionality could be implemented if the API would accept tokens analyzed from the client. If the client could send the encrypted document and the tokens of the document, Elasticsearch could accept them and enter the information in the index as provided. This does compromise the information in the document to an extend that a prediction of the content of the document could be made, but the content could still not be proven without decryption. The context and essences of the document would still be protected, but searchable.

The decision to whether this level of security is sufficient can be made from the client side.

I am hereby encouraging to allow client provided tokens to be inserted into indexes to be implemented in Elasticsearch, if not yet done already.

Kind regards
Sascha Spreitzer

By encrypting data at rest , you're essentially converting your customer's sensitive data into another form of data . This usually happens through an algorithm that can't be understood by a user who does not have an encryption key to decode it.

1 Like

Oh I see, my question is therefore not encryption at Rest, but indexing of encrypted data by tokens provided through the client. Thank you!

See other discussion: "Indexing encrypted documents"