If you want to encrypt values at the client, you might want to check out this 
talk:
https://springoneplatform.io/2018/sessions/implementing-pii-encryption-with-pdx-serialization

Anthony


> On Jan 21, 2020, at 10:45 AM, Michael Oleske <mole...@pivotal.io> wrote:
> 
> Something to consider is what scenarios do you want to protect against.
> Full disk encryption protects against a drive pull attack, such as an
> attacker walks into a data storage room full of disks, pulls a disk from the
> room, and then makes a run for it.  Since the full disk is encrypted, the
> attacker will have to break that.  Encrypting values protects against
> insiders from seeing values, such as a rogue administrator that is trying
> to get personally identifiable information (they would be able to decrypt
> the disk, but wouldn't be able to decrypt the values).  I'm personally not
> sure what Geode needs to do or could be doing versus what's best practice
> when building applications that use Geode/when running Geode.
> 
> -michael
> 
> On Tue, Jan 21, 2020 at 10:33 AM Dan Smith <dsm...@pivotal.io> wrote:
> 
>> Hi Mario,
>> 
>> It's something we've talked about before, I think it would be a good idea.
>> The two workarounds I have seen done are
>> - full disk encryption - storing the geode disk files on an encrypted disk
>> - encrypting values  - At the client side, converting values into encrypted
>> bytes before storing them in geode.
>> 
>> But it would be nice to just support encryption at the disk store level.
>> 
>> -Dan
>> 
>> On Tue, Jan 21, 2020 at 4:21 AM Udo Kohlmeyer <u...@apache.com> wrote:
>> 
>>> Hi there Mario,
>>> 
>>> The idea of encryption-at-rest is something that has been on my radar
>>> for at least 4yrs now.
>>> 
>>> I would not mind having a chat about what your requirements are and how
>>> we can get this into Geode.
>>> 
>>> Looking forward to chatting to you about this.
>>> 
>>> --Udo
>>> 
>>> On 1/15/20 2:20 AM, Mario Kevo wrote:
>>>> Hi geode-dev,
>>>> 
>>>> Is it possible somehow to protect all files containing user data (or
>>>> user data itself) being stored on disk for Geode?
>>>> This includes all persistence data (OpLogs), backups and possibly other
>>>> files containing user data.
>>>> Also, protection is needed for all of the files potentially used for
>>>> replication and cluster high availability mechanism.
>>>> 
>>>> If this feature is not available, do you have it in the plan already?
>>>> Have you included it in the Geode roadmap?
>>>> 
>>>> BR,
>>>> Mario
>>>> 
>>>> 
>>> 
>> 
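
The client-side workaround discussed in this thread (converting values into encrypted bytes before storing them, so that someone with access to the servers or disks sees only ciphertext), as an added example that is not code from the thread, the linked talk, or Geode itself. It uses only the JDK's `javax.crypto`; the `HashMap` is a stand-in for a Geode region, and the class name, entry keys, sample value and locally generated AES key are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class ClientSideValueEncryption {
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    // Returns nonce || ciphertext+tag. The entry key is bound as AAD, so a stored
    // blob cannot be copied under a different entry key without failing decryption.
    static byte[] seal(SecretKey k, String entryKey, byte[] plain) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce); // fresh random nonce for every value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(entryKey.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
    }

    // Throws AEADBadTagException if the blob or its entry key was altered.
    static byte[] open(SecretKey k, String entryKey, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
        c.updateAAD(entryKey.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // assumption: really held by clients only, e.g. via a KMS
        Map<String, byte[]> region = new HashMap<>(); // stand-in for a Geode region
        byte[] pii = "ssn=000-00-0000".getBytes(StandardCharsets.UTF_8); // constructed sample
        region.put("customer:1", seal(key, "customer:1", pii));
        byte[] back = open(key, "customer:1", region.get("customer:1"));
        System.out.println(new String(back, StandardCharsets.UTF_8));
        region.put("customer:2", region.get("customer:1")); // server-side swap of a blob
        try {
            open(key, "customer:2", region.get("customer:2"));
        } catch (AEADBadTagException e) {
            System.out.println("rejected: value was moved to a different entry key");
        }
    }
}
```

Values encrypted this way are opaque to the servers, so anything that needs to read field contents on the server side no longer can; the insider protection described above holds only while the key stays out of reach of the people who administer the cluster.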
