You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by ab...@apache.org on 2020/08/12 09:00:16 UTC

[ignite] branch IGNITE-7595 updated: minor update

This is an automated email from the ASF dual-hosted git repository.

abudnikov pushed a commit to branch IGNITE-7595
in repository https://gitbox.apache.org/repos/asf/ignite.git


The following commit(s) were added to refs/heads/IGNITE-7595 by this push:
     new a7ddc82  minor update
a7ddc82 is described below

commit a7ddc8257bc89e0234e7fe1a165b0458a3c288f2
Author: abudnikov <ab...@gridgain.com>
AuthorDate: Wed Aug 12 11:59:42 2020 +0300

    minor update
---
 docs/_docs/security/tde.adoc | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/_docs/security/tde.adoc b/docs/_docs/security/tde.adoc
index 0522f5e..90191ef 100644
--- a/docs/_docs/security/tde.adoc
+++ b/docs/_docs/security/tde.adoc
@@ -10,7 +10,10 @@ When link:persistence/native-persistence[Ignite persistence] is turned on, encry
 - Data on disk
 - WAL records
 
-If you enable cache/table encryption, Ignite will generate a key (called _cache encryption key_) and will use this key to encrypt/decrypt the cache's data. The cache encryption key is held in the system cache and cannot be accessed by users. When the key needs to be sent to other nodes or saved to disk (when the node goes down), it is encrypted using the user provided key — the _master key_.
+If you enable cache/table encryption, Ignite will generate a key (called _cache encryption key_) and will use this key to encrypt/decrypt the data in the cache.
+The cache encryption key is held in the system cache and cannot be accessed by users.
+When the cache encryption key is sent to other nodes or saved to disk (when the node goes down), it is encrypted using the _master key_.
+The master key must be specified by the user in the configuration.
 
 The _same_ master key must be specified via the configuration in every server node. One way to ensure you're using the same key is to copy the JKS file from one node to the other nodes. If you try to enable TDE using different keys, the nodes with the different key will not be able to join the cluster (will be rejected based on differing digests).
 
@@ -18,7 +21,7 @@ Ignite uses JDK-provided encryption algorithms: "AES/CBC/PKCS5Padding" to encryp
 
 == Limitations
 
-Transparent Data Encryption has some limitations that you should be aware of before deploying it your production environment.
+Transparent Data Encryption has some limitations that you should be aware of before deploying it in your production environment.
 
 *Encryption*
 
@@ -52,7 +55,7 @@ include::{javaCodeDir}/TDE.java[tags=config, indent=0]
 ----
 
 tab:C#/.NET[]
-tab:C++[]
+tab:C++[unsupported]
 --