For this reason, we were just thinking of waiting for Encryption at Rest with HDFS. Presumably, Accumulo could optimize encryption if it implemented encryption itself with a few trade-offs.
On Fri, Oct 30, 2015 at 10:22 PM, William Slacum <[email protected]> wrote: > So I've been looking into options for providing encryption at rest, and it > seems like what Accumulo has is abandonware from a project perspective. > There is no official documentation on how to perform encryption at rest, > and the best information from its status comes from year (or greater) old > ticket comments about how the feature is still experimental. Recently there > was a talk that described using HDFS encryption zones as an alternative. > > From my perspective, this is what I see as the current situation: > > 1- Encryption at rest in Accumulo isn't actively being worked on > 2- Encryption at rest in Accumulo isn't part of the public API or marketed > capabilities > 3- Documentation for what does exist is scattered throughout Jira comments > or presentations > 4- A viable alternative exists that appears to have feature parity in HDFS > encryption > 5- HBase has finer grained encryption capabilities that extend beyond what > HDFS provides > > Moving forward, what's the consensus for supporting this feature? > Personally, I see two options: > > 1- Start going down a path to bring the feature into the forefront and > start providing feature parity with HBase > > or > > 2- Remove the feature and place emphasis on upstream encryption offerings > > Any input is welcomed & appreciated! > -- Josef Roehrl Senior Software Developer *PHEMI Systems* 180-887 Great Northern Way Vancouver, BC V5T 4T5 604-336-1119 Website <http://www.phemi.com/> Twitter <https://twitter.com/PHEMISystems> Linkedin <http://www.linkedin.com/company/3561810?trk=tyah&trkInfo=tarId%3A1403279580554%2Ctas%3Aphemi%20hea%2Cidx%3A1-1-1>
