What is the encryption at rest?


I would like to know more about the encryption at rest of this solution. It says on the documentation :
“At rest, encryption secures sensitive data stored in a cluster.”

I tried to find more on github, but I didn’t find anything about it. I might have not tried the correct key words.

Could you please tell me if there is an at rest encryption ? If yes, is that possible to show me what kind of encryption ?

Best regards,

First, welcome to the OpenSearch community @bksoft - we’re glad you’re here.

@scrawfor - would you be able to provide insight on this one? I’m not finding where in the docs we describe what type of encryption. thanks!

Hi @bksoft and Kris,

That is a great question. After some digging and speaking with @cwperks, it appears that the documentation is maybe slightly mis-worded (going to get it changed after this). In short, the node operating system is what will determine the encryption mechanism of the data at rest: see here. While the security plugin does handle encryption in transport and authentication/authorization encryption it does not actually control the at-rest encryption.

There are some other plugins available for OpenSearch which do offer this support such as the S3-repository plugin. Likewise, some managed offerings of OpenSearch allow users to specify the type of encryption they would like.

I hope this helps.



1 Like

Hi @kris and @scrawfor,

Thank you for your answers. I’m glad it is clear now.

Best regards,

1 Like