|_|
> From: jim_hoagl...@symantec.com
> To: users@kafka.apache.org; mgai...@hotmail.com
> Date: Tue, 3 May 2016 10:11:00 -0700
> Subject: Re: Encryption at Rest
>
secure.
Multiple public/private key pairs can be in use at a time and you could
change keys for any reason.
-- Jim
On 5/3/16, 5:39 AM, "Martin Gainty" wrote:
>MG>hopefully quick comment
>
>> Subject: Re: Encryption at Rest
>> From: bruno.rassae...@no
MG>hopefully quick comment
> Subject: Re: Encryption at Rest
> From: bruno.rassae...@novazone.be
> Date: Tue, 3 May 2016 08:55:52 +0200
> To: users@kafka.apache.org
>
> From what I understand, when using batch compression in Kafka, the files are
> stored compressed
From what I understand, when using batch compression in Kafka, the files are
stored compressed.
Don’t really see the difference between compression and encryption in that
aspect.
If Kafka would support pluggable algorithms for compression (it already
supports two), it would be rather straightfor
"We need to be capable of changing encryption keys on regular
intervals and in case of expected key compromise." is achievable with
full disk encryption particularly if you are willing to add and remove
Kafka servers so that you replicate the data to new machines/disks
with new keys and take the ma
We did try indeed the last scenario you describe as encrypted disks do not
fulfil our requirements.
We need to be capable of changing encryption keys on regular intervals and in
case of expected key compromise.
Also, when a running machine is hacked, disk based or file system based
encryption do
I'm trying to understand your use-case for encrypted data.
Does it need to be encrypted only over the wire? This can be accomplished
using TLS encryption (v0.9.0.0+). See
https://issues.apache.org/jira/browse/KAFKA-1690
Does it need to be encrypted only when at rest? This can be accomplished
usin
Hello,
We tried encrypting the data before sending it to kafka, however this makes the
compression done by kafka almost impossible.
Also the performance overhead of encrypting the individual messages was quite
significant.
Ideally, a pluggable “compression” algorithm would be best. Where messag
Another option is to encrypt the data before you hand it to Kafka and have
the downstream decrypt it. This takes care of on-disk on on-wire
encryption. We did a proof of concept of this:
http://www.symantec.com/connect/blogs/end-end-encryption-though-kafka-our-p
roof-concept
( http://symc.l
Kafka handles messages which are compose of an array of bytes. Kafka does not
care what is in those byte arrays.
You could use a custom Serializer and Deserializer to encrypt and decrypt the
data from with your application(s) easily enough.
This give the benefit of having encryption at rest a
IMHO, I think that responsibility should lie on the file system, not Kafka.
Feels like a waste of time and double work to implement that unless there's
a really good reason for it. Let's try to keep Kafka a focused product that
does one thing well.
Cheers,
Jens
On Fri, Apr 22, 2016 at 3:31 AM Tau
I meant encryption of the data at rest. We utilize filesytem encryption for
other products; just wondering if anything was on the Kafka roadmap.
Dave
> On Apr 21, 2016, at 18:12, Martin Gainty wrote:
>
> Dave-
> so you want username/password credentials to be sent in response to an HTTP
>
>From what I know of previous discussions encryption at rest can be
handled with transparent disk encryption. When that's sufficient it's
nice and easy.
Christian
On Thu, Apr 21, 2016 at 2:31 PM, Tauzell, Dave
wrote:
> Has there been any discussion or work on at rest encryption for Kafka?
>
> Th
Dave-
so you want username/password credentials to be sent in response to an HTTP Get
as clear text?
if not this has been asked and answered with
Axishttps://axis.apache.org/axis2/java/rampart/
Martin
__
Hello,
IIRC, no, it does not. Where I work, one team had the same issue and built
some custom code to handle the encryption and decryption of messages at the
producer and consumer. However, you have to take key management into account
as once a message is written to the broker, you can't decr
15 matches
Mail list logo
