|_|
> From: jim_hoagl...@symantec.com
> To: users@kafka.apache.org; mgai...@hotmail.com
> Date: Tue, 3 May 2016 10:11:00 -0700
> Subject: Re: Encryption at Rest
>
secure.
Multiple public/private key pairs can be in use at a time and you could
change keys for any reason.
-- Jim
On 5/3/16, 5:39 AM, "Martin Gainty" wrote:
>MG>hopefully quick comment
>
>> Subject: Re: Encryption at Rest
>> From: bruno.rassae...@no
MG>hopefully quick comment
> Subject: Re: Encryption at Rest
> From: bruno.rassae...@novazone.be
> Date: Tue, 3 May 2016 08:55:52 +0200
> To: users@kafka.apache.org
>
> From what I understand, when using batch compression in Kafka, the files are
> stored compressed
>>>>
>>>>> On 26 Apr 2016, at 19:02, Jim Hoagland
>>>> wrote:
>>>>>
>>>>> Another option is to encrypt the data before you hand it to Kafka and
>>>> have
>>>>> the downstream decrypt it. This takes car
nd-end-encryption-though-kafka-our-p
>>>> roof-concept
>>>>
>>>> ( http://symc.ly/1pC2CEG )
>>>>
>>>> -- Jim
>>>>
>>>> On 4/25/16, 11:39 AM, "David Buschman" wrote:
>>>>
>>>>>
gt;>
>>> -- Jim
>>>
>>> On 4/25/16, 11:39 AM, "David Buschman" wrote:
>>>
>>>> Kafka handles messages which are compose of an array of bytes. Kafka
>> does
>>>> not care what is in those byte arrays.
>>>>
se byte arrays.
> >>
> >> You could use a custom Serializer and Deserializer to encrypt and
> decrypt
> >> the data from with your application(s) easily enough.
> >>
> >> This give the benefit of having encryption at rest and over the wire.
> Two
> &
man" wrote:
>
>> Kafka handles messages which are compose of an array of bytes. Kafka does
>> not care what is in those byte arrays.
>>
>> You could use a custom Serializer and Deserializer to encrypt and decrypt
>> the data from with your application(s) easil
m with your application(s) easily enough.
>
>This give the benefit of having encryption at rest and over the wire. Two
>birds, one stone.
>
>DaVe.
>
>
>> On Apr 25, 2016, at 2:14 AM, Jens Rantil wrote:
>>
>> IMHO, I think that responsibility should lie on
Kafka handles messages which are compose of an array of bytes. Kafka does not
care what is in those byte arrays.
You could use a custom Serializer and Deserializer to encrypt and decrypt the
data from with your application(s) easily enough.
This give the benefit of having encryption at rest
>
> >
> >
> >> From: dave.tauz...@surescripts.com
> >> To: users@kafka.apache.org
> >> Subject: Encryption at Rest
> >> Date: Thu, 21 Apr 2016 21:31:56 +
> >>
> >> Has there been any discussion or work on at rest encryption for
e to an HTTP
> Get as clear text?
> if not this has been asked and answered with
> Axishttps://axis.apache.org/axis2/java/rampart/
>
> Martin
> __
>
>
>
>> From: dave.tauz...@surescripts.com
>> To: users@kafk
>From what I know of previous discussions encryption at rest can be
handled with transparent disk encryption. When that's sufficient it's
nice and easy.
Christian
On Thu, Apr 21, 2016 at 2:31 PM, Tauzell, Dave
wrote:
> Has there been any discussion or work on at rest encr
__
> From: dave.tauz...@surescripts.com
> To: users@kafka.apache.org
> Subject: Encryption at Rest
> Date: Thu, 21 Apr 2016 21:31:56 +
>
> Has there been any discussion or work on at rest encryption for Kafka?
>
> Th
Has there been any discussion or work on at rest encryption for Kafka?
Thanks,
Dave
This e-mail and any files transmitted with it are confidential, may contain
sensitive information, and are intended solely for the use of the individual or
entity to whom they are addressed. If you have receiv
t verified).
>
> BTW, any concern with codec approach apart from customization/make codec
> pluggable?
>
> Thanks,
> Josh
>
> From: Jim Hoagland
> Sent: Thursday, January 21, 2016 1:02 PM
> To: users@kafka.apache.org; Josh Wo
>
users@kafka.apache.org; Josh Wo
Subject: Re: security: encryption at rest and key rotation idea
For the offset, at the start of topic (and perhaps periodically in the
topic), the script could make a note of the corresponding offset in the
previous topic. The consumer could then see the correspondence betwee
>they are not going to handle the volume from beginning on regular basis
>(BTW, the key rotation will be on regular basis). Maybe implement custom
>offset storage somewhere else?
>
>I think encryption at rest will be very interesting to most of enterprise
>grade user moving to cloud
y with consumer, they are not going to handle
the volume from beginning on regular basis (BTW, the key rotation will be on
regular basis). Maybe implement custom offset storage somewhere else?
I think encryption at rest will be very interesting to most of enterprise grade
user moving to cloud
il
>Sent: Tuesday, January 19, 2016 11:48 PM
>To: users@kafka.apache.org
>Cc: users@kafka.apache.org
>Subject: Re: security: encryption at rest and key rotation idea
>
>Hi Josh,
>
>
>Kafka will/can expire message logs after a certain TTL. You can't simply
>rel
to decrypt if we don't
re-encrypt them also.
Josh
From: Jens Rantil
Sent: Tuesday, January 19, 2016 11:48 PM
To: users@kafka.apache.org
Cc: users@kafka.apache.org
Subject: Re: security: encryption at rest and key rotation idea
Hi Josh,
Kafka wil
Jens
–
Skickat från Mailbox
On Wed, Jan 20, 2016 at 12:34 AM, Josh Wo wrote:
> We are trying to deploy kafka into EC2 and one of the requirement from
> infosec is to have kafka encryption at rest (stored with encrypted value). We
> also need to be able to rotate encryption keys
We are trying to deploy kafka into EC2 and one of the requirement from infosec
is to have kafka encryption at rest (stored with encrypted value). We also need
to be able to rotate encryption keys and re-encrypt all the messages on regular
basis since we are a financial company. The re
x27;t decrypt/re-encrypt to
change the key. This can be an issue if you have to replay messages.
-Original Message-
From: Chris Curtin [mailto:curtin.ch...@gmail.com]
Sent: Monday, April 01, 2013 4:07 PM
To: users
Subject: Encryption at rest?
Hi,
Does Kafka support encrypting data at
Hi,
Does Kafka support encrypting data at rest? During my AJUG presentation
someone asked if the files could be encrypted to address PII needs?
Thanks,
Chris
25 matches
Mail list logo
