Encrypting Search indexes

DSE Search index encryption shares the setup with SSTable encryption.

DSE Search uses transparent data encryption (TDE) to encrypt data, including DSE Search index files and the DSE Search commit log. Cached data is not encrypted. DSE Search index encryption shares the setup with SSTable encryption, including secret key management and cipher creation.

DSE Search encryption is on when:

  • The backing database table is also encrypted. The backing CQL table for a search core contains the system key (secret key). This backing CQL table must be encrypted to enable encryption of search indexes. Every new index file is created with the latest encryption setup of the backing database table.

  • The search index config class for directoryFactory is solr.EncryptedFSDirectoryFactory.

Table encryption can be dynamically enabled, changed, and disabled without restarting a DataStax Enterprise node. The index encryption setup changes with the table.

All encrypted files have a header that contains the required information to reconstruct cipher transformation that is used for the file.

Encryption with DSE Search introduces a slight performance overhead.


Encrypting new Search indexes

Steps to encrypting new DSE Search index files.

Encrypting existing Search indexes

Steps to encrypt existing DSE Search index files.

Tuning encrypted Search indexes

Steps to tune DSE Search index encryption.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com