- Can we enable encryption after already having data in yb? Will it only encrypt new data?
- What's the estimated perf impact of encrypting?
- Do we need to bootstrap the tservers each time they start up with the keys? If they can get the existing keys over RPC methods from existing instances does that mean an attacker could do the same to get the keys?
- What's the process like to recover a cluster if all of the masters were stopped?

1 Answer
Yes - you can enable encryption after the fact on an existing YugabyteDB cluster. New incoming data will start getting encrypted right away. Old data will get encrypted lazily - when compactions happen.
Specifics will be workload dependent. Don't have specific numbers to share yet. But as a guideline, for write heavy workloads, we expect the overhead to be under 5%. For read heavy workloads, especially those where hot data set is in cache, the impact should be negligible.
The yb-tserver(s), if restarted, will learn of the current key from yb-master(s) using RPC calls. To protect this exchange from an attack, you can use the on-the-wire encryption feature, which makes sure that all server-to-server communication happens securely.
If a yb-master is restarted, it'll learn of the current key from other yb-masters. However, if all the masters go down at once, none of the masters will have this in-memory state, and you will have to use yb-admin to give the key to all the masters.
References: [1] https://docs.yugabyte.com/latest/secure/encryption-at-rest/ [2] https://docs.yugabyte.com/latest/secure/tls-encryption/
