public interface IgniteEncryption
Ignite provides Transparent Data Encryption of cache data on disk. Encryption features are provided by
EncryptionSpi and can be configured via
encryption can be enabled via
IgniteEncryption is obtained from
Ignite as follows:
Ignite ignite = Ignition.ignite(); IgniteEncryption encryption = ignite.encryption();Two types of keys are involved in data encryption: group and master keys.
Group key encrypts data of cache group caches. Each group key is encrypted by the master key. Encrypted group key and encrypted data are written to disk.
Ignite provides the ability to change the master key. Master keys are identified by a name (see
EncryptionSpi.getMasterKeyName()). Follow operations are available for master key:
|Modifier and Type||Method and Description|
Starts cache group encryption key change process.
Starts master key change process.
Gets the current master key name.
IgniteFuture<Void> changeMasterKey(String masterKeyName)
Each node will re-encrypt group keys stored on the disk.
NOTE: The new master key should be available to
EncryptionSpi for each server node. Cache start
and node join during the key change process is prohibited and will be rejected.
If some node was unavailable during a master key change process it won't be able to join to cluster with the old
master key. The node should re-encrypt group keys during recovery on startup. The actual master key
name should be set via
IgniteFuture<Void> changeCacheGroupKey(Collection<String> cacheOrGrpNames)
NOTE: Node join is rejected during rotation of cache group encryption key. Background re-encryption of existing data in the specified cache group(s) begins after the encryption key(s) is changed. During re-encryption, node join is not rejected, the cluster remains fully functional, it is fault-tolerant operation that automatically continues after restart. Secondary rotation of the encryption key of a cache group is only possible after background re-encryption of existing data in this cache group is completed.
cacheOrGrpNames- Cache or group names.