Creating a table with encryption and compression
DataStax recommends creating tables with both encryption and compression enabled, using EncryptingLZ4Compressor as the encryption class.
Prerequisites
Complete the key setup described in Setting up local encryption keys.
|
When using a local encryption key file, set the location |
Procedure
-
Change to the keyspace where you want to create the table. The following examples use
testas the keyspace name:cqlshUSE test; -
Create the table with encryption and compression.
The following example encrypts a table named
encryption_testusing theDESedealgorithm, with a key length of112. Data is compressed using theEncryptingLZ4Compressorcompressor.A local encryption key called system_key must exist in the directory specified by
system_key_directoryin dse.yaml. This file was created when Setting up local encryption keys.If the DSE account does not have read/write permission or the file is missing, an error message Failed to initialize Encryptor displays.
CREATE TABLE test.encryption_test (d int PRIMARY KEY) WITH COMPRESSION = { 'class': 'EncryptingLZ4Compressor', 'cipher_algorithm' : 'DESede/CBC/PKCS5Padding', 'secret_key_strength' : 112, 'system_key_file' : 'system_key' };See Table encryption options and syntax for more information.
-
To change the encryption settings, use the
ALTER TABLEcommand and specify the settings to modify.The following command changes the encryption key used to encrypt the table data, and modifies the key strength.
ALTER TABLE test.encryption_test WITH COMPRESSION = { 'class': 'EncryptingLZ4Compressor', 'cipher_algorithm' : 'AES/ECB/PKCS5Padding', 'secret_key_strength' : 128, 'system_key_file' : 'system_key' }; -
If you changed encryption settings, run the following command on all nodes in the cluster to rewrite the SSTables using the new encryption key:
nodetool upgradesstables -a test encryption_test
