If you’re using AWS with EBS then you can just handle that with KMS to encrypt the volumes. If you’re using local storage on EC2, or you aren’t on AWS, then you’ll have to do heavier lifting with luks and dm-crypt, or eCryptfs, etc. If you’re using a container mechanism for your C* deployments, you might prefer options that encrypt based on directory hierarchies instead of block storage or filesystems, if you want some security isolation between co-tenants on a box. I was trying to jog my memory on the current state of the art and hit a decent summary on the Arch Linux site that you may wish to eyeball:
https://wiki.archlinux.org/index.php/Data-at-rest_encryption From: Arvinder Dhillon <dhillona...@gmail.com> Reply-To: "user@cassandra.apache.org" <user@cassandra.apache.org> Date: Thursday, June 25, 2020 at 1:12 AM To: "user@cassandra.apache.org" <user@cassandra.apache.org> Subject: Re: Encryption at rest Message from External Sender Do it at storage level. On Wed, Jun 24, 2020, 1:01 PM Jeff Jirsa <jji...@gmail.com<mailto:jji...@gmail.com>> wrote: Not really, no. On Wed, Jun 24, 2020 at 1:00 PM Abdul Patel <abd786...@gmail.com<mailto:abd786...@gmail.com>> wrote: Team, Do we have option in open source to do encryption at rest in cassandra ?