Something to consider is what scenarios you want to protect against.
Full disk encryption protects against a drive pull attack, such as an
attacker who walks into a data storage room full of disks, pulls a disk
from the room, and then makes a run for it.  Since the full disk is
encrypted, the attacker will have to break that.  Encrypting values
protects against insiders seeing values, such as a rogue administrator
that is trying to get personally identifiable information (they would be
able to decrypt the disk, but wouldn't be able to decrypt the values).  I'm personally not
sure what Geode needs to do or could be doing versus what's best practice
when building applications that use Geode/when running Geode.

-michael

On Tue, Jan 21, 2020 at 10:33 AM Dan Smith <dsm...@pivotal.io> wrote:

> Hi Mario,
>
> It's something we've talked about before, I think it would be a good idea.
> The two workarounds I have seen done are
> - full disk encryption - storing the geode disk files on an encrypted disk
> - encrypting values  - At the client side, converting values into encrypted
> bytes before storing them in geode.
>
> But it would be nice to just support encryption at the disk store level.
>
> -Dan
>
> On Tue, Jan 21, 2020 at 4:21 AM Udo Kohlmeyer <u...@apache.com> wrote:
>
> > Hi there Mario,
> >
> > The idea of encryption-at-rest is something that has been on my radar
> > for at least 4 yrs now.
> >
> > I would not mind having a chat about what your requirements are and how
> > we can get this into Geode.
> >
> > Looking forward to chatting to you about this.
> >
> > --Udo
> >
> > On 1/15/20 2:20 AM, Mario Kevo wrote:
> > > Hi geode-dev,
> > >
> > > Is it possible somehow to protect all files containing user data (or
> > > user data itself) being stored on disk for Geode?
> > > This includes all persistence data (OpLogs), backups and possibly other
> > > files containing user data.
> > > Also, protection is needed for all of the files potentially used for
> > > replication and cluster high availability mechanism.
> > >
> > > If this feature is not available, do you have it in the plan already?
> > > Have you included it in the Geode roadmap?
> > >
> > > BR,
> > > Mario
> > >
> > >
> >
>
