search

elastic / elasticsearch

Free and Open Source, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch
Other
1.4k stars 24.87k forks source link

Encrypt data at rest #58557

Open eddieturizo opened 4 years ago

eddieturizo commented 4 years ago

Consider adding support for encrypting Elasticsearch indices on disk.

elasticmachine commented 4 years ago

Pinging @elastic/es-distributed (:Distributed/Distributed)

nik9000 commented 4 years ago

I'm sure we've talked about this in the past but not sure where we landed. I also don't know really which team it'd land on either, so I picked "distributed" because I expect they'll know better than I do what to do with this.

elasticmachine commented 4 years ago

Pinging @elastic/es-security (:Security/Security)

eddieturizo commented 4 years ago

For what it is worth, the guidance we share with users about encrypting data is that it is better handled by a tool like dm-crypt rather than baking those mechanisms into Elasticsearch.

jkakavas commented 4 years ago

I'm sure we've talked about this in the past but not sure where we landed

-->

how Elastic decided encrypting data at rest is better handled by a tool like dm-crypt rather than baking those mechanisms into Elasticsearch

Not necessarily saying that we shouldn't discuss this again, but we did discuss it fairly recently and the outcome was the above.

jcannell commented 2 years ago

I think the problem is that when most people think of encryption at rest they don't mean when the system is powered off, but just when it's stored on the disk, regardless of powered state.

Using dm-crypt only helps you when a system is powered off; it isn't going to help your data nodes that are usually (always) powered on and ready to be searched against. Like Bitlocker, it's an example of full disk encryption.

Really I think what most users are looking for is an application-level encryption solution that's also transparent to the end user while performing searches. There are some paid plugins that do this but it would be awesome if people didn't need those.

dm-crypt references, note the part that mentions data isn't protected while system is powered on: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/encrypting-block-devices-using-luks_security-hardening

Some (paid) plugins that do encryption at the application level: https://ironcorelabs.com/docs/cloaked-search/overview/ https://titaniam.io/products/