[ https://issues.apache.org/jira/browse/KAFKA-8170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18042139#comment-18042139 ]
Guillaume Dufrêne commented on KAFKA-8170:
------------------------------------------
Hello,
Our engineering team provides some client-side components to encrypt event data.
We have been operating this model for the past three years and are quite
satisfied with it, despite some implications for maintenance and certain
limitations on SaaS platform features.
Our current model is limited to our technology scope (AES for encryption,
Microsoft Key Vault for key wrapping).
Our approach has been presented at some conferences in a simplified manner.
https://vimeo.com/1118089379
We chose to provide encryption features within abstract SerDes.
If it makes sense, we can definitely put some effort into an open-source
initiative to bring payload encryption to Kafka.
> To add kafka data at rest encryption
> ------------------------------------
>
> Key: KAFKA-8170
> URL: https://issues.apache.org/jira/browse/KAFKA-8170
> Project: Kafka
> Issue Type: New Feature
> Components: log
> Reporter: Akash
> Priority: Minor
> Labels: features, security
>
> Kafka has a mechanism for wire encryption of data.
> But the Kafka data at rest, which exists in <log.dir>/<topic-name>-<partition>,
> is still unencrypted.
> These directories now have log files with actual messages embedded metadata,
> but an unauthorised user can still recover messages from these files.
> Adding encryption for this data would be valuable for preventing message
> protection from disk theft, unauthorised user access on servers.
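The comment above describes client-side payload encryption placed inside SerDes, with AES for the data and an external service for key wrapping. The following added example shows that envelope pattern around any existing Kafka serializer; it is not code from the commenter's team or from the Kafka project, and `KeyWrapper`, the class names, the record layout and the per-record data key are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.kafka.common.errors.SerializationException;
import org.apache.kafka.common.serialization.Deserializer;
import org.apache.kafka.common.serialization.Serializer;
// Hypothetical stand-in for the external key-wrapping service; not a real SDK interface.
interface KeyWrapper { byte[] wrap(byte[] dataKey); byte[] unwrap(byte[] wrappedKey); }
// Assumed record layout: [u16 wrapped-key length][wrapped key][12-byte IV][ciphertext + GCM tag]
final class Envelope {
    static byte[] gcm(int mode, byte[] key, byte[] iv, String topic, byte[] in) {
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
            c.updateAAD(topic.getBytes(StandardCharsets.UTF_8)); // bind the record to its topic
            return c.doFinal(in); // decrypt fails here if ciphertext, IV or topic was altered
        } catch (GeneralSecurityException e) { throw new SerializationException("AES-GCM failed", e); }
    }
}
final class EnvelopeSerializer<T> implements Serializer<T> {
    private final Serializer<T> inner; private final KeyWrapper wrapper;
    private final SecureRandom rng = new SecureRandom();
    EnvelopeSerializer(Serializer<T> inner, KeyWrapper wrapper) { this.inner = inner; this.wrapper = wrapper; }
    @Override public byte[] serialize(String topic, T data) {
        byte[] plain = inner.serialize(topic, data);
        if (plain == null) return null; // keep tombstones null so log compaction still works
        byte[] dek = new byte[32], iv = new byte[12];
        rng.nextBytes(dek); rng.nextBytes(iv); // fresh 256-bit data key and IV for each record
        byte[] ct = Envelope.gcm(Cipher.ENCRYPT_MODE, dek, iv, topic, plain);
        byte[] wrapped = wrapper.wrap(dek); // only the wrapped key travels with the record
        return ByteBuffer.allocate(2 + wrapped.length + iv.length + ct.length)
            .putShort((short) wrapped.length).put(wrapped).put(iv).put(ct).array();
    }
}
final class EnvelopeDeserializer<T> implements Deserializer<T> {
    private final Deserializer<T> inner; private final KeyWrapper wrapper;
    EnvelopeDeserializer(Deserializer<T> inner, KeyWrapper wrapper) { this.inner = inner; this.wrapper = wrapper; }
    @Override public T deserialize(String topic, byte[] record) {
        if (record == null) return null;
        ByteBuffer buf = ByteBuffer.wrap(record);
        byte[] wrapped = new byte[buf.getShort() & 0xFFFF], iv = new byte[12];
        buf.get(wrapped).get(iv); // a truncated record throws BufferUnderflowException here
        byte[] ct = new byte[buf.remaining()]; buf.get(ct);
        return inner.deserialize(topic, Envelope.gcm(Cipher.DECRYPT_MODE, wrapper.unwrap(wrapped), iv, topic, ct));
    }
}
```

Because the broker only ever stores the output of `serialize`, the segment files under `<log.dir>/<topic-name>-<partition>` hold ciphertext. Wrapping a new data key for every record costs one key-service call per message, so a deployment would normally cache and rotate data keys instead.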