
Elasticsearch: Data Encryption at Rest

I am trying to encrypt the Elasticsearch data. Are there any native methods to encrypt the data? I studied about Elasticsearch supporting dm-crypt, but there are no proper supporting documents on how it is being implemented. Also, my clients need free/open-source alternatives to Shield/X-Pack.

TIA.

sriramsm04 asked Dec 04 '17 06:12



1 Answer

What is the supposed behaviour for encryption? Be able to search against encrypted data or just store some sensitive fields (e.g. PII) encrypted?

First of all, consider removing your sensitive data from the ELK stack, as it isn't a reliable place to store it. Detach it (just remove and store somewhere else or tokenize, if you want to have a link to it) or obfuscate before pushing to ELK.

As an alternative to performing encryption by means of Elasticsearch or its plugins, you can encrypt your data in the application that pushes data to ES in advance and just keep a couple of index fields (which are going to be used to search by) in plain text. E.g.

{ 
    "index_field" : "John Doe", // plain text to search by
    "address" : "s3_34$af78...", // encrypted
    "passport" : "3%75O9gfjdg4%...", // encrypted
    ...
}

That depends on your specific application; however, in some cases solving encryption & key management questions would be much easier than looking for a particular solution, e.g. for ES.

Vladimir Salin answered Oct 04 '22 08:10
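The approach described in the answer above (encrypt sensitive fields in the application, keep the search field in plain text), as an added example that is not part of the original answer. It uses Node.js's built-in `crypto` module; the field names follow the answer's sample document, while the helper names, the throwaway key and the sample values are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed throwaway key for the demo; a real 32-byte key comes from a KMS or secret store.
const DEMO_KEY = crypto.randomBytes(32);
// Assumption: only this field must stay searchable, as in the answer's sample document.
const PLAIN_FIELDS = new Set(["index_field"]);

// AES-256-GCM with a fresh 12-byte nonce per value. The field name is bound as
// AAD, so a ciphertext moved from "address" to "passport" fails authentication.
function encryptField(key, field, value) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(field, "utf8"));
  const ct = Buffer.concat([cipher.update(JSON.stringify(value), "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64"); // iv | tag | ct
}

// Throws if the key, field name, or any byte of the stored blob does not match.
function decryptField(key, field, blob) {
  const raw = Buffer.from(blob, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(field, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Document as sent to Elasticsearch: encrypted fields are opaque strings there
// and cannot be searched, sorted or aggregated.
function protectDocument(key, doc) {
  return Object.fromEntries(Object.entries(doc).map(([field, value]) =>
    [field, PLAIN_FIELDS.has(field) ? value : encryptField(key, field, value)]));
}

// Inverse, applied to a hit's _source after it comes back from a search.
function revealDocument(key, stored) {
  return Object.fromEntries(Object.entries(stored).map(([field, value]) =>
    [field, PLAIN_FIELDS.has(field) ? value : decryptField(key, field, value)]));
}

// Constructed sample record using the answer's field names.
const sample = { index_field: "John Doe", address: "1 Example Street", passport: "X0000000" };
const stored = protectDocument(DEMO_KEY, sample);
console.log(stored);
console.log(revealDocument(DEMO_KEY, stored));
```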