Configuring Local Encryption
Use locally-stored symmetric encryption keys to protect the following assets:
When you encrypt tables,
commit logs, and configuration properties using a local key:
Create any number of local encryption keys using the
Tables can use different encryption keys.
DataStax Enterprise creates a unique key for each combination of cipher algorithm, key strength, and external local encryption key used in a table definition and stores it in the
dse_system.encrypted_keystable. The local encryption key file is used to encrypt or decrypt the table key.
Configuration properties use the same key file that is defined by the
All system resources use the same key file. (The file is not selectable.)
Distribute all local encryption key files cluster-wide. Put keys on all nodes in the same folder and define the location in the
Ensure that the DataStax Enterprise account owns the
system_key_directoryand has read/write permission.
To change an encryption key, see Rekeying existing data.