In X-Pack platinum, "Encryption at rest support" was introduced in 5.3.0 Released. As there's no documentation about it and I understand it is about filesystem encryption on the actual host running Elasticsearch.
I would like to clarify if this feature is to
option 1: provide filesystem encryption service with dm-crypt; or
option 2: support running Elasticsearch on encrypted filesystem (which means we need to do dm-crypt ourselves on the filesystem) ?
This question was previously answered here. It's option 2 on your list.
An encrypted file system has to be set up on each node. The overhead of encryption depends on how well your CPUs support the additional mathematical operations required to encrypt the data, and any overhead incurred by the FS stack. Maximum throughput and duration of individual queries are generally influenced by latencies in the FS.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.