You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Ming Zhang (Jira)" <ji...@apache.org> on 2021/04/13 02:47:00 UTC

[jira] [Commented] (LUCENE-9379) Directory based approach for index encryption

    [ https://issues.apache.org/jira/browse/LUCENE-9379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17319836#comment-17319836 ] 

Ming Zhang commented on LUCENE-9379:
------------------------------------

[~bruno.roustant] In our case, we have dedicated collection for each tenant. Because it has so many tenants that it's not possible to serve them in single solr clsuter, we have multiple clusters. It has to have different encryption key for each collection as well. It looks this directory(tenant) based approach is able address our requirement. Looking forward to getting this enhancement soon.

> Directory based approach for index encryption
> ---------------------------------------------
>
>                 Key: LUCENE-9379
>                 URL: https://issues.apache.org/jira/browse/LUCENE-9379
>             Project: Lucene - Core
>          Issue Type: New Feature
>            Reporter: Bruno Roustant
>            Assignee: Bruno Roustant
>            Priority: Major
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> +Important+: This Lucene Directory wrapper approach is to be considered only if an OS level encryption is not possible. OS level encryption better fits Lucene usage of OS cache, and thus is more performant.
> But there are some use-case where OS level encryption is not possible. This Jira issue was created to address those.
> ____________________________________________
>  
> The goal is to provide optional encryption of the index, with a scope limited to an encryptable Lucene Directory wrapper.
> Encryption is at rest on disk, not in memory.
> This simple approach should fit any Codec as it would be orthogonal, without modifying APIs as much as possible.
> Use a standard encryption method. Limit perf/memory impact as much as possible.
> Determine how callers provide encryption keys. They must not be stored on disk.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org