The point of encryption in Cassandra is to protect data in flight between the cluster and clients (or between nodes in the cluster.) The presumption is that normal system network access control (e.g., remote login, etc.) will preclude bad actors from directly accessing the file system on a cluster node.
-- Jack Krupansky On Thu, Jan 14, 2016 at 5:16 PM, oleg yusim <olegyu...@gmail.com> wrote: > Greetings, > > Guys, can you please help me to understand following: > > I'm reading through the way keystore and truststore are implemented, and > it is all fine and great, but at the end Cassandra documentation > instructing to extract all the keystore content and leave all certs and > keys in a clear. > > Do I miss something here? Why are we doing it? What is the point to even > have a keystore then? It doesn't look very secure to me... > > Another item - cassandra.yaml has passwords from keystore and truststore - > clear text... what is the point to have these stores then, if passwords are > out? > > Thanks, > > Oleg >
