Encrypting data
Data encryption uses a system key in the dse_system.encrypted_keys table.
Data encryption uses a system key in the dse_system.encrypted_keys table. The system key must exist on all nodes in the cluster. Tables are encrypted when Cassandra stores the tables on disk as SSTables. The entire cluster uses the system key to decrypt SSTables for operations such as repair. You also use the system key during upgrading and restoring SSTables that might have been corrupted.
The default system_key_directory /etc/dse/conf is specified in
the dse.yaml
file:
system_key_directory: /etc/dse/conf
On tarball
installations, you can change the location of the system_key_directory: - Navigate to install-directory/resources/dse/conf.
- Open the dse.yaml file for editing.
- Change the path of the system_key_directory to the path of a directory that you have permission to access.
The location of
the dse.yaml file depends on the
type of installation:
Installer-Services | /etc/dse/dse.yaml |
Package installations | /etc/dse/dse.yaml |
Installer-No Services | install_location/resources/dse/conf/dse.yaml |
Tarball installations | install_location/resources/dse/conf/dse.yaml |