First, Can dm_crypt be used with a elasticsearch basic license?
currently my elastic cluster is a basic license.
The official documentation says that platinum licenses are only supported.
Is there a task to run separately in elasticsearch for dm crypt?
Second, Can server users see data sources(plain text) even using dm_crpyt?
I can connect to the server(login elasticsearch user) and see the text(plain text) of the translog in /var/elasticsearch/data.
Is dm_crypt currently applied?
Or is it not applied because of the license?
Yes it will work, but it's not officially supported. If you are using dm_crypt with a non-platinum licence and you encounter an issue then the support team may ask you to reproduce the issue with dm_crypt disabled before they can help you resolve it.
Yes, dm_crypt transparently encrypts the data stored on disk so it looks like normal data to users of the host machine.
That isn't possible. Elasticsearch itself runs as a normal user on the host, and needs access to the unencrypted data. If you do not want untrusted users to have access to this data then you should not permit untrusted users to access the host.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
