Ben has a good point here. There's an advantage to encrypting in the application, you can encrypt data per-account / user / [some other thing]. It's possible to revoke all access to all the data for a particular [whatever] by simply deleting the encryption key.Lots of options available.On Wed, Aug 1, 2018 at 4:39 PM Ben Slater <ben.slater@xxxxxxxxxxxxxxx> wrote:My recommendation is generally to look at encrypting in your application as it’s likely to be overall more secure than DB-level encryption anyway (generally the closer to the user you encrypt the better). I wrote a blog on this last year: https://www.instaclustr.com/securing-apache-cassandra-with-application-level-encryption/We also use encrypted GP2 EBS pretty widely without issue.CheersBen--On Thu, 2 Aug 2018 at 05:38 Jonathan Haddad <jon@xxxxxxxxxxxxx> wrote:You can also get full disk encryption with LUKS, which I've used before.On Wed, Aug 1, 2018 at 12:36 PM Jeff Jirsa <jjirsa@xxxxxxxxx> wrote:EBS encryption worked well on gp2 volumes (never tried it on any others)--Jeff Jirsa
On Aug 1, 2018, at 7:57 AM, Rahul Reddy <rahulreddy1234@xxxxxxxxx> wrote:Hello,Any one tried aws ec2 volume encryption for Cassandra instances?On Tue, Jul 31, 2018, 12:25 PM Rahul Reddy <rahulreddy1234@xxxxxxxxx> wrote:Hello,I'm trying to find a good document on to enable encryption for Apache Cassandra (not on dse) tables and commilogs and store the keystore in kms or vault. If any of you already configured please direct me to documentation for it.--Jon Haddad
Read our latest technical blog posts here.
This email has been sent on behalf of Instaclustr Pty. Limited (Australia) and Instaclustr Inc (USA).
This email and any attachments may contain confidential and legally privileged information. If you are not the intended recipient, do not copy or disclose its content, but please reply to this email immediately and highlight the error to the sender and then immediately delete the message.--Jon Haddad