Is elasticsearch documents stored on file encrypted?

eleong · March 28, 2023, 12:30am

Hi,

We have a compliance audit coming up soon and one of the requirement is that the information stored in Elastic (as a SIEM) must be encrypted.

Now, I understand that Elastic don't do encryption because these documents / information are meant for searching purposes and I have explored dm-crypt (but I prefer not to do disk encryption if possible).

Tried exploring the /var/lib/elasticsearch/indices folders and the information don't seemed to be "human-readable". Does this means Elastic hashes or employ some encryption mechanism to make it non human-readable?

Anyone care to shed some light on this?

warkolm · March 28, 2023, 12:32am

Nope, it's just a binary encoding that is not encrypted.

You need to use something like dm-crypt here, it's what we recommend.

eleong · March 28, 2023, 12:50am

Speedy reply

Thanks for the advise

system · April 25, 2023, 12:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why Elastic search doesn't support storing encrypted data Elasticsearch	2	307	December 3, 2020
Data encryption Elasticsearch	8	1329	July 6, 2017
How to achieve data Encryption in elasticsearch Elasticsearch elastic-stack-security	11	1122	September 9, 2019
Encryption Options Elasticsearch	8	17634	May 28, 2019
Encrypted at rest files Elasticsearch	2	1167	August 25, 2017

Is elasticsearch documents stored on file encrypted?

Related topics