How to use dm_crypt with elasticsearch

In my case, the data stored in elasticsearch must be encrypted.
So I will use dm_crypt + LUKS.

Here is my file system.

elasticsearch.yml

In the current state, inserting and searching data using kibana dev tools works fine.
Like this...

But, I have two questions.

First, can dm_crypt be used with an elasticsearch basic license?
Currently my elastic cluster is on a basic license.
The official documentation says that only platinum licenses are supported.
Is there a task to run separately in elasticsearch for dm_crypt?

Second, can server users see the data sources (plain text) even when using dm_crypt?
I can connect to the server (logged in as the elasticsearch user) and see the text (plain text) of the translog in /var/elasticsearch/data.

Is dm_crypt currently applied?
Or is it not applied because of the license?

1 Like

Yes it will work, but it's not officially supported. If you are using dm_crypt with a non-platinum licence and you encounter an issue then the support team may ask you to reproduce the issue with dm_crypt disabled before they can help you resolve it.

Yes, dm_crypt transparently encrypts the data stored on disk so it looks like normal data to users of the host machine.

How can I make sure that the host user cannot see the stored data transparently?

Can you guide me?

That isn't possible. Elasticsearch itself runs as a normal user on the host, and needs access to the unencrypted data. If you do not want untrusted users to have access to this data then you should not permit untrusted users to access the host.

2 Likes
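One way to answer "Is dm_crypt currently applied?" from the host, as an added example that is not part of any post in this thread: confirm that the data path sits on a dm-crypt mapping and that its mode shuts out other local accounts. It assumes util-linux (`findmnt`, `lsblk`) and GNU `stat`; the function names and sample outputs are constructed for illustration, and the elasticsearch user and root still read plaintext while the volume is unlocked.

```shell
#!/bin/sh
# Added example: is a data path on dm-crypt, and closed to "other" local users?

# Reads `lsblk -slno TYPE <device>` output on stdin (the device and every
# device underneath it) and succeeds if any layer is a dm-crypt mapping.
stack_has_crypt() {
    grep -qw 'crypt'
}

# Succeeds if an octal mode such as 750 or 2750 grants nothing to "other".
# POSIX ACLs are not considered here; inspect those with getfacl.
mode_denies_other() {
    case "$1" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Live check for one directory.
check_data_path() {
    dir=$1
    src=$(findmnt -no SOURCE --target "$dir") || return 2
    if lsblk -slno TYPE "$src" | stack_has_crypt; then
        echo "$dir: $src is backed by dm-crypt (encrypted at rest)"
    else
        echo "$dir: $src has no dm-crypt layer"; return 1
    fi
    mode=$(stat -c '%a' "$dir") || return 2
    if mode_denies_other "$mode"; then
        echo "$dir: mode $mode gives other local users no access"
    else
        echo "$dir: mode $mode lets other local users in"; return 1
    fi
}

# Constructed sample outputs: a LUKS-backed filesystem and a plain partition.
SAMPLE_LUKS='crypt
part
disk'
SAMPLE_PLAIN='part
disk'

# Run the live check only when a path is given, e.g.:
#   sh check.sh /var/elasticsearch/data
if [ "$#" -gt 0 ]; then check_data_path "$1"; fi
```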
