[ 
https://issues.apache.org/jira/browse/IGNITE-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16620535#comment-16620535
 ] 

Nikolay Izhikov commented on IGNITE-8485:
-----------------------------------------

[~vozerov]

> 5) GridEncryptionManager - checks for notCoordinator() look strange to me. I 
> do not see any cases where current coordinator should do anything else than 
> other nodes.

Yes, you are right in the case of {{collectGridNodeData}}. Redundant check removed.

> 4) GridEncryptionManager.onKernalStart0 - I cannot understand why we are 
> listening to ctx.discovery().localJoinFuture().listen here. Could you please 
> clarify?

This is required to handle the case with statically configured caches:

1. Statically configured caches are registered *before* the node joins the 
cluster.
2. At the moment of such registration, we can't generate and store 
encryption keys, because the keys would be different on every node.
3. If the node creates a new cluster ({{localJoinFuture}} && {{notCoordinator==false}}), 
we can generate and store encryption keys.
4. The second and subsequent nodes will receive the newly generated keys from 
the coordinator on join.

> TDE - Phase-1
> -------------
>
>                 Key: IGNITE-8485
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8485
>             Project: Ignite
>          Issue Type: Sub-task
>            Reporter: Nikolay Izhikov
>            Assignee: Nikolay Izhikov
>            Priority: Critical
>             Fix For: 2.7
>
>
> Basic support for a Transparent Data Encryption should be implemented:
> 1. Usage of standard JKS, Java Security.
> 2. Persistent Data Encryption/Decryption.


