[
https://issues.apache.org/jira/browse/KAFKA-8170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16803940#comment-16803940
]
Sönke Liebau commented on KAFKA-8170:
-------------------------------------
Hi [~ashelke],
I've proposed
[KIP-317|https://cwiki.apache.org/confluence/display/KAFKA/KIP-317%3A+Add+transparent+data+encryption+functionality]
a while ago, which would probably cover this - though it would do so
client-side.
It has been dormant for a while now due to lots of other things to do on my end
to be honest, but I plan on reviving this very shortly.
> To add kafka data at rest encryption
> ------------------------------------
>
> Key: KAFKA-8170
> URL: https://issues.apache.org/jira/browse/KAFKA-8170
> Project: Kafka
> Issue Type: New Feature
> Components: log
> Reporter: Akash
> Priority: Minor
> Labels: features, security
>
> Kafka have mechanism for wire encryption of data.
> But the kafka data at rest which exist in <log.dir>/<topic-name>-<partition>
> is still unencrypted.
> This directories now have log files with actual messages embedded metadata,
> but unauthorised user can still recover messages from this files
> Addiding encryption for this data would be valuable for preventing message
> protection from disk theft, unauthorised user access on servers.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
