Re: Data encryption in Kudu

the cfile machinery when writing to disk. I originally considered > recommending looking at the filesystem block manager, but we often do > offset lookups into the FS blocks, which I don't think could be supported > with encryption. > I think it could be -- if you use CTR mode for encr

Re: Data encryption in Kudu

n the same way and > should be encrypted too), and after that the WALs. > Yah, I think cfiles are a good place to start. AFAIK delta files reuse the cfile machinery when writing to disk. I originally considered recommending looking at the filesystem block manager, but we often do offset lookups

Re: Data encryption in Kudu

t is stored. Franco - Original Message - From: "Dan Burkert" To: user@kudu.apache.org Sent: Tuesday, May 2, 2017 2:54:26 PM Subject: Re: Data encryption in Kudu Hi Franco, Thanks for the writeup! I'm not an Oracle expert, but my interpretation of the TDE col

Re: Data encryption in Kudu

7;s on my 'to-do' list > Yah, the normal thing to do here is call out to an external keystore that holds a master encryption key. - Dan ---------- > *From: *fvent...@comcast.net > *To: *user@kudu.apache.org > *Sent: *Wednesday, April 26, 2017 9:48:07 PM > > *Subject: *Re: Data

Re: Data encryption in Kudu

orthogonal ways to achieve 'data encryption' in Kudu (and in Oracle as well): - client-side encryption (which Oracle calls 'TDE column encryption') - server-side encryption (which Oracle calls 'TDE tablespace encryption') - I prefer the terms 'client-side encr

Re: Data encryption in Kudu

David, Dan, Todd, thanks for your prompt replies. At this stage I am just exploring what it would take to implement some sort of data encryption in Kudu. After reading your comments here are some further thoughts: - according to the first sentence in this paragraph in the Kudu docs

Re: Data encryption in Kudu

Agreed with what Dan said. I think there are a number of interesting design alternatives to be considered, so before coding it would be great to work through a design document to explore the alternatives. For example, we could try to apply encryption at the 'fs/' layer, which would cover all non-W

Re: Data encryption in Kudu

Hi Franco, I think you are right that a client-based approach wouldn't work, because we wouldn't want to encrypt at the level of individual cell values. That would get in the way of encoding, compression, predicate evaluation, etc. As you note, adding encryption at the block layer is probably the

Re: Data encryption in Kudu

Hi Franco Dan, Alexey, Todd are our security experts. Folks, thoughts on this? Best David On Mon, Apr 24, 2017 at 7:08 PM, wrote: > Over the weekend I started looking at what it would take to add data > encryption to Kudu (besides using filesystem encryption via dm-crypt or > something lik

Data encryption in Kudu

Over the weekend I started looking at what it would take to add data encryption to Kudu (besides using filesystem encryption via dm-crypt or something like that). Here are a few notes - please feel free to comment on them and add suggestions: - reading through this mailing list, it looks like

Re: Data encryption in kudu

Hi Amit, None of the developers at Cloudera are currently working on it, and we don't have a projected timeline yet. That said: - it doesn't preclude a community contribution in this area. Would be happy to guide someone down this path if there's interest. - we have some preliminary test results

Data encryption in kudu

Hi Kudu Team, As per the latest release note "Data encryption is not included in the public beta.". Can you please confirm the probable time when we can expect the same. -- Thanks & Regards, *Amit Adhau* | Data Architect *GLOBANT* | IND:+91 9821518132 [image: Facebook]