[
https://issues.apache.org/jira/browse/KAFKA-8205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16813659#comment-16813659
]
Sriharsha Chintalapani commented on KAFKA-8205:
-----------------------------------------------
[~nitena2019] This is question should be in the mailing list rather than
opening a JIRA.
Kafka doesn't have data at rest encryption yet. Kafka Ssl provides wire
encryption only
What you mean by your data in logs are encrypted? is it possible that what you
are seeing is serialized data from Producers?
And make sure you don't have disk encryption from OS or other third-party
turned on
> Kafka SSL encryption of data at rest
> ------------------------------------
>
> Key: KAFKA-8205
> URL: https://issues.apache.org/jira/browse/KAFKA-8205
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 1.0.1
> Environment: All
> Reporter: Niten Aggarwal
> Priority: Major
>
> Recently we enabled SSL on our kafka cluster which earlier had SASL
> PLAINTEXT. Everything works fine from both producer and consumer standpoint
> as expected with one strange behavior. We noticed data in the log file is
> also encrypted which we didn't thought of because SSL is meant for transport
> level security not to encrypt data at rest.
> It doesn't mean we have any issues with that but would like to understand
> what enables to perform encrypting data at rest. Do we have a way to:-
> 1) turn it off
> 2) Extend the encryption algorithm if company would like to use their own key
> management system and different algorithm.
> After going through Kafka docs, we realized there is a KIP already in
> discussion but how come it's implemented without been approved?
> [https://cwiki.apache.org/confluence/display/KAFKA/KIP-317%3A+Add+transparent+data+encryption+functionality]
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
