Hi, I think the encryption module [1] in solr-sandbox is ready for a SIP discussion.
I created SIP-25 [2] in the wiki, which contains attachments with the architecture description and some diagrams. (Interestingly, I created them by driving a generative AI on the encryption module code). I think the encryption module now supports everything that needs to be encrypted: index, transaction logs, replication, backups. It requires Solr 9.9.0. There are many tests, but the final test plan is to be discussed, fyi it is currently used in production in my company. In this module, the focus is on a seamless encryption, and ease of key rotation which can be done without service interruption (serving queries and indexing in parallel). It has an impact on query performance, so there is a section in the architecture description that explains the use-case, when to use this Java-level encryption compared to a faster OS-level encryption. [1] https://github.com/apache/solr-sandbox/tree/main/encryption [2] https://cwiki.apache.org/confluence/display/SOLR/SIP-25%3A+Encryption+Module
