[jira] [Commented] (LUCENE-9379) Directory based approach for index encryption

Mon, 06 Jul 2020 02:54:06 -0700 


    [ 
https://issues.apache.org/jira/browse/LUCENE-9379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151914#comment-17151914
 ] 

Bruno Roustant commented on LUCENE-9379:
----------------------------------------

[~rcmuir] makes an important callout in the PR. A better approach is by 
leveraging the OS encryption at filesystem level because it fits the OS 
filesystem cache. That way the cached pages are decrypted in the cache.

So whenever it is possible, we must use OS level encryption. An OS filesystem 
encryption allows to encrypt differently per directory/file, and some allow to 
manage multiple keys.

But OS level encryption is not always possible. The example I can think of is 
running on computing engines on public cloud. In this case we don't have access 
to the OS level encryption (there is one but we cannot manage keys).

So this Jira issue propose a solution in the case we cannot use OS level 
encryption and we need to manage multiple keys. It should be stated well in the 
doc/javadoc. It is sub-optimal because it has to decrypt each time it accesses 
a cached IO page. So expect more performance impact.

 

> Directory based approach for index encryption
> ---------------------------------------------
>
>                 Key: LUCENE-9379
>                 URL: https://issues.apache.org/jira/browse/LUCENE-9379
>             Project: Lucene - Core
>          Issue Type: New Feature
>            Reporter: Bruno Roustant
>            Assignee: Bruno Roustant
>            Priority: Major
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> The goal is to provide optional encryption of the index, with a scope limited 
> to an encryptable Lucene Directory wrapper.
> Encryption is at rest on disk, not in memory.
> This simple approach should fit any Codec as it would be orthogonal, without 
> modifying APIs as much as possible.
> Use a standard encryption method. Limit perf/memory impact as much as 
> possible.
> Determine how callers provide encryption keys. They must not be stored on 
> disk.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to