Encrypting new Search indexes
Steps to encrypting new DSE Search index files.
solrj-auth-README.md
The default location of the solrj-auth-README.md file depends on the type of installation:
Package installations |
/usr/share/dse/solr |
Tarball installations |
installation_location/resources/solr |
clients
The default location of the clients directory depends on the type of installation:
Package installations |
/usr/share/dse/clients |
Tarball installations |
installation_location/clients |
Using SolrJ Auth to implement encryption
To use the SolrJ-Auth libraries to implement encryption, follow instructions in the solrj-auth-README.md file.
These SolrJ-Auth libraries are included in the clients directory in DataStax Enterprise distribution. The SolrJ-Auth code is public.
Prerequisites
When using TDE on a secure local file system, encryption keys are stored remotely with KMIP encryption or locally with on-server encryption.
Procedure
solr.EncryptedFSDirectoryFactory
.
solr.EncryptedFSDirectoryFactory
with the handy coreOptionsInline
argument:
dsetool create_core keyspace_name.table_name generateResources=true coreOptionsInline="directory_factory_class:solr.EncryptedFSDirectoryFactory"