Transparent Data Encryption

DataStax recommends encrypting sensitive configuration properties in the dse.yaml and cassandra.yaml files.

Locate the dse.yaml and cassandra.yaml configuration files. The location of these files depends on the type of installation:


File Location


Package installations: /etc/dse/dse.yaml

Tarball installations: <installation_location>/resources/dse/conf/dse.yaml


Package installations: /etc/dse/cassandra/cassandra.yaml

Tarball installations: <installation_location>/resources/cassandra/conf/cassandra.yaml

About Transparent Data Encryption

Protects sensitive at-rest data stored in configuration files, database tables and SSTable indexes.

Configuring local encryption

Use locally-stored symmetric encryption keys to protect any or all sensitive system resources, configuration file properties, search indexes, and database tables.

Configuring KMIP encryption

Protect sensitive data using encryption keys from a remote Key Management Interoperability Protocol (KMIP).

Encrypting Search indexes

DSE Search index encryption shares the setup with SSTable encryption.

Migrating encrypted tables from earlier versions

Encrypted tables require specific actions to migrate to later versions of DataStax Enterprise.

Bulk loading data between TDE-enabled clusters

Bulk loading data between TDE-enabled clusters requires the correct deployment of encryption keys.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000,