Encryption at rest support

jiali · December 29, 2017, 6:24am

In X-Pack platinum, "Encryption at rest support" was introduced in 5.3.0 Released. As there's no documentation about it and I understand it is about filesystem encryption on the actual host running Elasticsearch.

I would like to clarify if this feature is to
option 1: provide filesystem encryption service with dm-crypt; or
option 2: support running Elasticsearch on encrypted filesystem (which means we need to do dm-crypt ourselves on the filesystem) ?

If is option1, could you share

Is the encryption done on per node basis or?
Will this affect search performance?

Magnus_Kessler · December 29, 2017, 6:51am

Jiali,

This question was previously answered here. It's option 2 on your list.

An encrypted file system has to be set up on each node. The overhead of encryption depends on how well your CPUs support the additional mathematical operations required to encrypt the data, and any overhead incurred by the FS stack. Maximum throughput and duration of individual queries are generally influenced by latencies in the FS.

system · January 26, 2018, 6:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Encryption at rest support in x-pack platinum Elasticsearch	5	9630	November 4, 2022
About "Encryption at rest" using x-pack trial Elasticsearch	3	2620	November 3, 2017
Data at rest encryption. Is it coming for Elasticsearch? Elasticsearch elastic-stack-security	6	4885	July 6, 2017
Encryption at rest - required platinum license Elasticsearch elastic-stack-security	6	939	June 3, 2020
Encryption at rest support for Platinum subscriptions Elasticsearch	1	510	February 27, 2020

Encryption at rest support

Related topics