DSE Search encryption

DSE Search index encryption shares the setup with Cassandra SSTable encryption.

DSE Search uses transparent data encryption (TDE) to encrypt data, including DSE Search index files. Cached data is not encrypted. DSE Search index encryption shares the setup with Cassandra SSTable encryption, including secret key management and cipher creation.

DSE Search encryption is on when:

The backing Cassandra table is also encrypted. The backing CQL table for a Solr core contains the system key (secret key). This backing CQL table must be encrypted to enable encryption of Solr indexes. Every new index file is created with the latest encryption setup of the backing Cassandra table.
The solrconfig.xml file class for directoryFactory is solr.EncryptedFSDirectoryFactory.

Table encryption can be dynamically enabled, changed, and disabled without restarting a DataStax Enterprise node. The index encryption setup changes with the table.

All encrypted files have a header that contains the required information to reconstruct cipher transformation that is used for the file.

Note: Encryption with DSE Search introduces a slight performance overhead.