Table encryption options and syntax

When a table definition uses an encryption class, all table data except for primary keys is encrypted with a key entry from the location pointed by the cassandra.system_key_directory JVM flag (/etc/cassandra/conf by default). If no keys match the cipher_algorithm, secret_key_strength, and system_key_file settings, a new key is created and added to the directory.

The following syntax only shows encryption options.

Syntax

COMPRESSION = {
  'class' : '<encryption_class>'[,
  'cipher_algorithm' : '<cipher_algorithm_type>'] [,
  'secret_key_strength' : <length>] [,
  'system_key_file': '<key_filename>'] };

Options

  • encryption_class

    Specifies the encryption type. HCD supports the Encryptor class. (Required)

    Name Encrypts Compresses

    Encryptor [1]

    Yes

    No

[1] When using the Encryptor class, specify a larger young generation heap (the -Xmn parameter) to improve garbage collection (GC).

cipher_algorithm_type

Sets the type of encryption key. HCD supports the following JCE algorithms and corresponding length.

include::ROOT:partial$nodetool/create-system-key.adoc[nodetool createsystemkey].

+ Default: system_key.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax, an IBM Company | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com