Date: Wed, 23 Nov 2016 14:16:58 +0000 (UTC)
From: "Jason Brown (JIRA)"
To: commits@cassandra.apache.org
Reply-To: dev@cassandra.apache.org
Subject: [jira] [Commented] (CASSANDRA-9633) Add ability to encrypt sstables

[ https://issues.apache.org/jira/browse/CASSANDRA-9633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15690211#comment-15690211 ]

Jason Brown commented on CASSANDRA-9633:
----------------------------------------

[~spodxx@gmail.com] It's already configurable for different key providers.
{{CipherFactory}} creates an instance of a {{KeyProvider}}, as configured via the yaml. The default {{KeyProvider}}, {{JKSKeyProvider}}, reads from a keystore, but it's pluggable and you could easily add in a Vault provider, as well.

> Add ability to encrypt sstables
> -------------------------------
>
>                 Key: CASSANDRA-9633
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9633
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jason Brown
>            Assignee: Jason Brown
>              Labels: encryption, security, sstable
>             Fix For: 3.x
>
>
> Add option to allow encrypting of sstables.
> I have a version of this functionality built on cassandra 2.0 that piggy-backs on the existing sstable compression functionality and ICompressor interface (similar in nature to what DataStax Enterprise does). However, if we're adding the feature to the main OSS product, I'm not sure if we want to use the pluggable compression framework or if it's worth investigating a different path. I think there's a lot of upside in reusing the sstable compression scheme, but perhaps add a new component in cqlsh for table encryption and a corresponding field in CFMD.
> Encryption configuration in the yaml can use the same mechanism as CASSANDRA-6018 (which is currently pending internal review).
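
The pluggable arrangement described in the comment above, as an added example that is not Cassandra's code and not part of the original message: a factory instantiates whichever provider class the configuration names, and the provider fails closed on an unknown alias or a malformed key. The `KeyProvider` signature shown, `MapKeyProvider`, `load`, and the sample alias and key are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.Key;
import java.util.Base64;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;

public class PluggableKeyProviderDemo {
    // Stand-in for the KeyProvider abstraction named in the comment (signature assumed).
    public interface KeyProvider {
        Key getSecretKey(String alias) throws IOException;
    }

    // Hypothetical provider: resolves aliases from an external secret source,
    // modelled here as a map of alias -> base64 key handed in as parameters.
    public static class MapKeyProvider implements KeyProvider {
        private final Map<String, String> params;
        public MapKeyProvider(Map<String, String> params) { this.params = params; }

        @Override
        public Key getSecretKey(String alias) throws IOException {
            String b64 = params.get(alias);
            if (b64 == null)  // fail closed: never fall back to a default key
                throw new IOException("no key for alias " + alias);
            byte[] raw = Base64.getDecoder().decode(b64);
            if (raw.length != 16 && raw.length != 24 && raw.length != 32)
                throw new IOException("key for alias " + alias + " is not a valid AES length");
            return new SecretKeySpec(raw, "AES");
        }
    }

    // Factory step: load the configured class and refuse anything that is not a KeyProvider.
    static KeyProvider load(String className, Map<String, String> params) throws Exception {
        Class<?> cls = Class.forName(className);
        if (!KeyProvider.class.isAssignableFrom(cls))
            throw new IllegalArgumentException(className + " is not a KeyProvider");
        return (KeyProvider) cls.getConstructor(Map.class).newInstance(params);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample parameters: an all-zero 16-byte key, for demonstration only.
        Map<String, String> params =
            Map.of("demo-alias", Base64.getEncoder().encodeToString(new byte[16]));
        KeyProvider kp = load("PluggableKeyProviderDemo$MapKeyProvider", params);
        System.out.println(kp.getSecretKey("demo-alias").getAlgorithm());
        try {
            kp.getSecretKey("missing");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```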