Hello,
I would like to know more about the encryption at rest of this solution. It says on the documentation :
“At rest, encryption secures sensitive data stored in a cluster.”
I tried to find more on github, but I didn’t find anything about it. I might have not tried the correct key words.
Could you please tell me if there is an at rest encryption ? If yes, is that possible to show me what kind of encryption ?
Best regards,
First, welcome to the OpenSearch community @bksoft - we’re glad you’re here.
@scrawfor - would you be able to provide insight on this one? I’m not finding where in the docs we describe what type of encryption. thanks!
Hi @bksoft and Kris,
That is a great question. After some digging and speaking with @cwperks, it appears that the documentation is maybe slightly mis-worded (going to get it changed after this). In short, the node operating system is what will determine the encryption mechanism of the data at rest: see here. While the security plugin does handle encryption in transport and authentication/authorization encryption it does not actually control the at-rest encryption.
There are some other plugins available for OpenSearch which do offer this support such as the S3-repository plugin. Likewise, some managed offerings of OpenSearch allow users to specify the type of encryption they would like.
I hope this helps.
Best,
Stephen