public interface IgniteEncryption
Ignite provides Transparent Data Encryption of cache data on disk. Encryption features are provided by EncryptionSpi and can be configured via IgniteConfiguration.setEncryptionSpi(EncryptionSpi). Cache
encryption can be enabled via CacheConfiguration.setEncryptionEnabled(boolean).
Instance of IgniteEncryption is obtained from Ignite as follows:
Ignite ignite = Ignition.ignite(); IgniteEncryption encryption = ignite.encryption();Two types of keys are involved in data encryption: group and master keys.
Group key encrypts data of cache group caches. Each group key is encrypted by the master key. Encrypted group key and encrypted data are written to disk.
Ignite provides the ability to change the master key. Master keys are identified by a name (see EncryptionSpi.getMasterKeyName()). Follow operations are available for master key:
getMasterKeyName() gets current master key name in the cluster.changeMasterKey(String) ()} starts master key change process.| Modifier and Type | Method and Description |
|---|---|
IgniteFuture<Void> |
changeMasterKey(String masterKeyName)
Starts master key change process.
|
String |
getMasterKeyName()
Gets the current master key name.
|
String getMasterKeyName()
IgniteFuture<Void> changeMasterKey(String masterKeyName)
Each node will re-encrypt group keys stored on the disk.
NOTE: The new master key should be available to EncryptionSpi for each server node. Cache start
and node join during the key change process is prohibited and will be rejected.
If some node was unavailable during a master key change process it won't be able to join to cluster with the old
master key. The node should re-encrypt group keys during recovery on startup. The actual master key
name should be set via IgniteSystemProperties.IGNITE_MASTER_KEY_NAME_TO_CHANGE_BEFORE_STARTUP.
Follow @ApacheIgnite
Ignite Database and Caching Platform : ver. 2.9.0 Release Date : October 15 2020