What exactly do you mean by client-side encryption?
The transport layer can be encrypted with TLS and Beats support TLS mutual auth.
Encrypting data before it is transmitted to the cloud service provider. In our use case, outputting Metricbeat and Filebeat to a local file and AWS-Kinesis-agent forwarding to AWS Kinesis stream.
Further explanation....we want the option of not only encrypting the connection but also the payload. So the actual log record becomes an encrypted binary object. The reason for this is that the target cannot encrypt at rest so we need to encrypt prior to transmission ( i.e. client - side ).
Oh, right makes some sense since you are reading the output file with the Kinesis-agent. (I forgot about that part)
No, you would need to modify the codebase or write a custom output.
Andrew, is there any documentation regarding encryption options for the Beats suite? We have a requirement to client-side encrypt data before sending to Kafka. Looking for info such as,.....do the Metricbeat and Filebeat agents themselves only support a single model for this? Ultimately, we must find a model that both Beats and Kafka support. Thanks in advance!
Oh, one other point. We are for the time being bypassing the Kinesis agent and going directly from Beats to Kafka. Does this simplify the encryption challenge? Previously, you had written "The transport layer can be encrypted with TLS and Beats support TLS mutual auth.".
Here you can find the docs for the kafka output encryption: https://www.elastic.co/guide/en/beats/metricbeat/5.2/kafka-output.html#_ssl_3
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.