How to achieve data Encryption in elasticsearch


I need to encrypt the data before indexing into elastic search so that actual data is protected and while searching it should produce the proper results. Please let me know how this can be achieved in elasticsearch.

And one more question is the data stored in servers are encrypted ?

You can encrypt in transit and at rest, but encrypting the data stored in the documents will limit search functionality quite severely.

Thanks for you reply @Christian_Dahlqvist.

Can you please tell me how to do it.

To do what? Encryption in transit is done by enabling security and encryption at rest at the OS level e.g. using dm-crypt.

I want to encrypt all the data that is stored in an elastic search index. So can you please tell how to do that with dm-crypt or is there any other way.

If we encrypt the data can you please tell how to provide search features ?

Please look at the dm-crypt documentation. It encrypts the file system, not data in indices so does not affect search.

Thanks for your reply.

I have one doubt - If we encrypt the file system when we access elastic index through https://localhost:9200/ the data in the index will be encrypted or not. Because i want to encrypt the data so that if anyone tries to access my index through https://localhost:9200/ they should not see actual data.

One more doubt - FIle system is nothing but where we store the elastic data which we give in property in elastic yml configuration . Correct right ?

If you want to encrypt the data in the documents you will basically only be able to perform exact match searches using encrypted strings. This will severely limit search functionality.

Is there any other way to encrypt the data stored in the index ?

What i thought is encrypting the data before indexing into elastic. But i dint get a solution on how to search on actual data if the encrypted data is stored in the index.

As far as I know that is not possible.

okay thank you @Christian_Dahlqvist

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.