Encryption at rest support

jiali · December 29, 2017, 6:24am

In X-Pack platinum, "Encryption at rest support" was introduced in 5.3.0 Released. As there's no documentation about it and I understand it is about filesystem encryption on the actual host running Elasticsearch.

I would like to clarify if this feature is to
option 1: provide filesystem encryption service with dm-crypt; or
option 2: support running Elasticsearch on encrypted filesystem (which means we need to do dm-crypt ourselves on the filesystem) ?

If is option1, could you share

Is the encryption done on per node basis or?
Will this affect search performance?

Magnus_Kessler · December 29, 2017, 6:51am

Jiali,

This question was previously answered here. It's option 2 on your list.

An encrypted file system has to be set up on each node. The overhead of encryption depends on how well your CPUs support the additional mathematical operations required to encrypt the data, and any overhead incurred by the FS stack. Maximum throughput and duration of individual queries are generally influenced by latencies in the FS.

system · January 26, 2018, 6:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Encryption at rest support in x-pack platinum Elasticsearch	5	9625	November 4, 2022
How should I encrypt data at rest with Elasticsearch? Elastic Tips and Common Fixes	1	48939	July 5, 2017
Encryption In Elasticsearch Elasticsearch	15	286	July 10, 2024
Cryptage des données sur le disque Discussions en français	4	13	October 25, 2024
Encryption At REST In ELASTICSEARCH Elasticsearch	0	60	July 10, 2024

Encryption at rest support

Related Topics