Encrypting new DSE Search indexes
Steps to encrypting new DSE Search index files.
Prerequisites
When using TDE secure local file system. Encryption keys are stored remotely with KMIP encryption or locally with on-server encryption.
Procedure
Encryption is enabled per core.
To enable encryption for a new core, edit the solrconfig.xml file to
change the class for directoryFactory to
solr.EncryptedFSDirectoryFactory
.
- Recommended: Use the dsetool
create_core command with automatic resource generation. Specify
the class for directoryFactory to
solr.EncryptedFSDirectoryFactory
with the handycoreOptionsInline
argument:dsetool create_core keyspace.table generateResources=true coreOptionsInline="directory_factory_class:solr.EncryptedFSDirectoryFactory"
- You can also use the dsetool
create_core command this way:
dsetool create_core keyspace.table schema=schema.xml solrconfig=solrconfig.xml
where the solrconfig.xml file specifies the required directoryFactory:
See Using custom resources.<directoryFactory name="DirectoryFactory" class="solr.EncryptedFSDirectoryFactory"/>
After you create an encrypted Solr core, a node restart is not required.