Table encryption options and syntax
When a table definition uses an encryption class, all table data except for primary keys is encrypted with a key entry from the location pointed by the cassandra.system_key_directory
JVM flag (/etc/cassandra/conf
by default).
If no keys match the cipher_algorithm
, secret_key_strength
, and system_key_file
settings, a new key is created and added to the directory.
The following syntax only shows encryption options. |
Syntax
COMPRESSION = {
'class' : '<encryption_class>'[,
'cipher_algorithm' : '<cipher_algorithm_type>'] [,
'secret_key_strength' : <length>] [,
'system_key_file': '<key_filename>'] };
Options
-
encryption_class
Specifies the encryption type. HCD supports the
Encryptor
class. (Required)Name Encrypts Compresses Encryptor [1]
Yes
No
[1] When using the Encryptor class, specify a larger young generation heap (the -Xmn
parameter) to improve garbage collection (GC).
cipher_algorithm_type
-
Sets the type of encryption key. HCD supports the following JCE algorithms and corresponding
length
.
include::ROOT:partial$nodetool/create-system-key.adoc[nodetool createsystemkey
].
+
Default: system_key
.