Encryption at rest support

jiali · December 29, 2017, 6:24am

In X-Pack platinum, "Encryption at rest support" was introduced in 5.3.0 Released. As there's no documentation about it and I understand it is about filesystem encryption on the actual host running Elasticsearch.

I would like to clarify if this feature is to
option 1: provide filesystem encryption service with dm-crypt; or
option 2: support running Elasticsearch on encrypted filesystem (which means we need to do dm-crypt ourselves on the filesystem) ?

If is option1, could you share

Is the encryption done on per node basis or?
Will this affect search performance?

Magnus_Kessler · December 29, 2017, 6:51am

Jiali,

This question was previously answered here. It's option 2 on your list.

An encrypted file system has to be set up on each node. The overhead of encryption depends on how well your CPUs support the additional mathematical operations required to encrypt the data, and any overhead incurred by the FS stack. Maximum throughput and duration of individual queries are generally influenced by latencies in the FS.

Topic		Replies	Views
Encryption at rest support in x-pack platinum Elasticsearch	5	9793	November 4, 2022
About "Encryption at rest" using x-pack trial Elasticsearch	3	2689	November 3, 2017
Encryption at rest support for Platinum subscriptions Elasticsearch	1	567	February 27, 2020
How elastic search support encryption of data at Rest Elasticsearch	4	579	October 21, 2020
Encryption at rest what features comes under the same Elasticsearch elastic-stack-security	6	436	September 16, 2019

Encryption at rest support

Related topics