If you’re using AWS with EBS then you can just handle that with KMS to encrypt
the volumes. If you’re using local storage on EC2, or you aren’t on AWS, then
you’ll have to do heavier lifting with luks and dm-crypt, or eCryptfs, etc. If
you’re using a container mechanism for your C* deployments, you might prefer
options that encrypt based on directory hierarchies instead of block storage or
filesystems, if you want some security isolation between co-tenants on a box.
I was trying to jog my memory on the current state of the art and hit a decent
summary on the Arch Linux site that you may wish to eyeball:
https://wiki.archlinux.org/index.php/Data-at-rest_encryption
From: Arvinder Dhillon
Reply-To: "user@cassandra.apache.org"
Date: Thursday, June 25, 2020 at 1:12 AM
To: "user@cassandra.apache.org"
Subject: Re: Encryption at rest
Message from External Sender
Do it at storage level.
On Wed, Jun 24, 2020, 1:01 PM Jeff Jirsa
mailto:jji...@gmail.com>> wrote:
Not really, no.
On Wed, Jun 24, 2020 at 1:00 PM Abdul Patel
mailto:abd786...@gmail.com>> wrote:
Team,
Do we have option in open source to do encryption at rest in cassandra ?