Ben has a good point here. There's an advantage to encrypting in the
application: you can encrypt data per-account / user / [some other thing].
It's possible to revoke all access to all the data for a particular
[whatever] by simply deleting the encryption key.

Lots of options available.

On Wed, Aug 1, 2018 at 4:39 PM Ben Slater <ben.sla...@instaclustr.com>
wrote:

> My recommendation is generally to look at encrypting in your application
> as it’s likely to be overall more secure than DB-level encryption anyway
> (generally the closer to the user you encrypt the better). I wrote a blog
> on this last year:
> https://www.instaclustr.com/securing-apache-cassandra-with-application-level-encryption/
>
> We also use encrypted GP2 EBS pretty widely without issue.
>
> Cheers
> Ben
>
> On Thu, 2 Aug 2018 at 05:38 Jonathan Haddad <j...@jonhaddad.com> wrote:
>
>> You can also get full disk encryption with LUKS, which I've used before.
>>
>> On Wed, Aug 1, 2018 at 12:36 PM Jeff Jirsa <jji...@gmail.com> wrote:
>>
>>> EBS encryption worked well on gp2 volumes (never tried it on any others)
>>>
>>> --
>>> Jeff Jirsa
>>>
>>>
>>> On Aug 1, 2018, at 7:57 AM, Rahul Reddy <rahulreddy1...@gmail.com>
>>> wrote:
>>>
>>> Hello,
>>>
>>> Anyone tried AWS EC2 volume encryption for Cassandra instances?
>>>
>>> On Tue, Jul 31, 2018, 12:25 PM Rahul Reddy <rahulreddy1...@gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I'm trying to find a good document on how to enable encryption for Apache
>>>> Cassandra (not on DSE) tables and commitlogs and store the keystore in KMS
>>>> or Vault. If any of you have already configured this, please direct me to
>>>> the documentation for it.
>>>>
>>>
>>
>> --
>> Jon Haddad
>> http://www.rustyrazorblade.com
>> twitter: rustyrazorblade
>>
> --
>
>
> *Ben Slater*
>
> *Chief Product Officer <https://www.instaclustr.com/>*


-- 
Jon Haddad
http://www.rustyrazorblade.com
twitter: rustyrazorblade
