Table encryption options and syntax
When a table definition uses an encryption class, all table data except for primary keys is encrypted with a key entry from the location pointed by the cassandra.system_key_directory
JVM flag (/etc/cassandra/conf
by default).
If no keys match the cipher_algorithm
, secret_key_strength
, and system_key_file
settings, a new key is created and added to the directory.
The following syntax only shows encryption options. |
Syntax
COMPRESSION = {
'class' : '<encryption_class>'[,
'cipher_algorithm' : '<cipher_algorithm_type>'] [,
'secret_key_strength' : <length>] [,
'system_key_file': '<key_filename>'] };
Options
-
encryption_class
:Required. Specifies the encryption type. HCD supports the
Encryptor
class, which is used to encrypt and compress data. When using theEncryptor
class, specify a larger young generation heap (the-Xmn
parameter) to improve garbage collection (GC). -
cipher_algorithm_type
:Sets the type of encryption key. HCD supports the following JCE algorithms and corresponding
length
.