Hi Ben, Druid's security features today consist of an authentication/authorization layer, and the ability to use TLS. To my knowledge encrypting the data files at rest has not been looked into yet. In the past when I've been asked, I've suggested using disk encryption, and people usually seem happy with that. But it sounds like you have more strict requirements.
Since Druid's segment format is column oriented, you could imagine each column being encrypted with its own key. Possibly the same system that handles compression could handle encryption too (we compress columns in chunks of a few thousand rows each). I'm not enough of an encryption expert to know if that's the right way to go, but it would be a possibility. On Mon, Jul 2, 2018 at 4:42 PM Ben DeMott <ben.dem...@gmail.com> wrote: > Was wondering if anyone had worked on, considered, or thought about > security or privacy in Druid. > Where I work has extremely strict requirements on storing some types of > client data. > Ideally we would encrypt data per-client in such a way where querying > segments requires an encryption key based upon a given dimension of the > data (client). > > Has anyone worked on this, or homomorphic encrpytion in Druid? > > Thanks, > Ben >
