I am developing my own external custom plugin in React.
And I am planning to store personal information of customers and their inventory data as well in Elasticsearch, in addition to logging data. I am planning to implement multi-tenancy as well.
How can I encrypt the data so that sensitive information like passwords will not be visible to the users themselves and other tenants also?
So both encryption and decryption, and key management and assignment, should be done and maintained by the developer, right?
I saw that saved objects can be encrypted by mentioning the encryption key in the yml file. Can I store data as saved objects rather than in indices? Or are saved objects a completely different concept?
I went through 100+ posts on the forum, and this is what I understood regarding encryption in ES:
1. Data-in-transit encryption is there in ES
2. Data-at-rest encryption can be implemented in 2 ways:
   a. Manually encrypting data before indexing and decrypting on retrieval
   b. Using OS level encryption (dm-crypt)
I do understand dm-crypt and also that the data will be transparent to authorized ES users. But what happens in between? Meaning how does dm-crypt get the key to encrypt the data and how the data is transparent to ES?
Yes, you have encrypted communications between Elasticsearch nodes and clients.
That's right, if you want to store encrypted data in Elasticsearch you will need to encrypt it before you store it or use OS-level encryption.
The OS-level encryption is transparent for Elasticsearch and any other software in the system, so if you store sensitive information in plain text, everyone who is authorized to query on that field will be able to see that information.
What that kind of encryption does is protect your data if your disk is powered off and removed from the system; while it is powered on and in the system, everyone with access to the system may be able to see it.
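The manual approach discussed above (encrypt before indexing, decrypt on retrieval) with one key per tenant, as an added example that is not part of the original posts. The in-memory `tenantKeys` map, the field names and all function names are assumptions for illustration; real keys would come from a KMS or secrets manager.

```javascript
const crypto = require('crypto');

// Constructed per-tenant keys (assumption). In practice these are fetched from
// a KMS or secrets manager and never stored in Elasticsearch beside the data.
const tenantKeys = new Map([
  ['tenant-a', crypto.randomBytes(32)],
  ['tenant-b', crypto.randomBytes(32)],
]);
const SENSITIVE_FIELDS = ['email', 'phone']; // hypothetical field names

function keyFor(tenantId) {
  const key = tenantKeys.get(tenantId);
  if (!key) throw new Error(`no key for tenant ${tenantId}`);
  return key;
}

// AES-256-GCM. Tenant id and field name are bound as AAD, so a ciphertext
// copied to another tenant or another field fails authentication.
function encryptField(tenantId, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', keyFor(tenantId), iv);
  cipher.setAAD(Buffer.from(`${tenantId}|${field}`));
  const ct = Buffer.concat([cipher.update(String(plaintext), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptField(tenantId, field, blob) {
  const raw = Buffer.from(blob, 'base64'); // layout: iv(12) | tag(16) | ciphertext
  const decipher = crypto.createDecipheriv('aes-256-gcm', keyFor(tenantId), raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${tenantId}|${field}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Returns the document body that would be sent to the index.
function sealDocument(tenantId, doc) {
  const out = { ...doc, tenant_id: tenantId };
  for (const f of SENSITIVE_FIELDS) {
    if (doc[f] !== undefined) out[f] = encryptField(tenantId, f, doc[f]);
  }
  return out;
}

// Reverses sealDocument after a document is read back from the index.
function openDocument(tenantId, stored) {
  const out = { ...stored };
  for (const f of SENSITIVE_FIELDS) {
    if (stored[f] !== undefined) out[f] = decryptField(tenantId, f, stored[f]);
  }
  return out;
}
```

Fields sealed this way are opaque to Elasticsearch, so they cannot be searched, sorted or aggregated on; only the fields left in plain text remain queryable.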