BRAVO!  And it's about time; it was a longer road than hoped.  This is
career defining work for you.  Multi-tenant (collection isolated)
encryption is a difficult feature to build and productionize.  I know it
got security reviews and production usage.  I recommend you/we write a news
posting; it's worthy of such.  I like how isolated/decoupled the design is
by use of the Directory abstraction, which is superior to the older Lucene
codec attempt.  It could be more isolated (room for longer term future
improvement) but the Directory abstraction clearly makes sense in my mind
for this feature.  We know, I pushed for this originally ;-)

When I look at the SIP, it's kind of strange -- it appears you've worded it
as an (implied) proposal to bring it into the main repo from the sandbox.
I think a SIP shouldn't be principally about that, it should be about
*what* exactly this code/feature is, explaining it to someone who has no
clue.  You did that in the attached documents, which readers should look at
*first*.  Then maybe make an explicit argument as to moving the code *if*
you want to.  The need for a SIP is debatable but you've done it.
Personally, I think of them only for changes that have a big impact on the
Solr codebase.

I'm kind of torn on moving it.  Just as I was torn on seeing the new CDCR
move.  Both are enterprisy-exotic, and I feel that adding new 1st party
modules like this is a symptom that 3rd party modules somehow can't be
successful stand-alone.  Like... maybe it's "too hard" to keep the sandbox
up-to-date with the latest Solr?  Or maybe a release process for it is
lacking?  Or test infrastructure?  Honestly I'm not sure; I haven't touched
the sandbox personally.

On Wed, Aug 6, 2025 at 4:14 AM Bruno Roustant <bruno.roust...@gmail.com>
wrote:

> Hi, I think the encryption module [1] in solr-sandbox is ready for a SIP
> discussion.
>
> I created SIP-25 [2] in the wiki, which contains attachments with the
> architecture description and some diagrams. (Interestingly, I created them
> by driving a generative AI on the encryption module code).
>
> I think the encryption module now supports everything that needs to be
> encrypted: index, transaction logs, replication, backups. It requires Solr
> 9.9.0. There are many tests, but the final test plan is to be discussed.
> FYI, it is currently used in production in my company.
>
> In this module, the focus is on a seamless encryption, and ease of key
> rotation which can be done without service interruption (serving queries
> and indexing in parallel). It has an impact on query performance, so there
> is a section in the architecture description that explains the use-case,
> when to use this Java-level encryption compared to a faster OS-level
> encryption.
>
> [1] https://github.com/apache/solr-sandbox/tree/main/encryption
> [2] https://cwiki.apache.org/confluence/display/SOLR/SIP-25%3A+Encryption+Module
>
