Hi Buddies, I just wanted to understand the data security in Cassandra DB. Is that all entities like apikeys, custom attributes, kvms, cache values…etc in Cassandra stored in encrypted format or plain? Please suggest me if you have any idea.
1 Like
May be a good read and hope this will help understand https://docs.apigee.com/private-cloud/v4.50.00/key-encryption
& little more https://docs.apigee.com/private-cloud/v4.50.00/enable-cassandra-internode-encryption information.
1 Like
Hi, @srinu888
From the KVM perspective, I can say that Apigee Edge offers non-encrypted KVM by default now & also optional encrypted KVM.
Since all the components of the Edge, including Runtime Plane with Kassandra, are Google-hosted, you may want to refer to this article https://cloud.google.com/security/encryption/default-encryption.
Apigee Hybrid’s Runtime Plane could be installed on your private GKE, hence, you are having much more control over the Kassandra configuration. For example, you could set encrypted KVM by default & also have everything else encrypted -https://cloud.google.com/apigee/docs/hybrid/v1.1/cassandra-production
thanks, regards, Yermek
Hi @srinu888 ,
Google’s Apigee provides multiple layers of security for the data stored in its databases. First, everything is encrypted at rest at the disk layer. This is true across all deployment options, Apigee X, Apigee Hybrid, and Apigee OPDK. Secondly, you have the ability to either leverage a unique default key configuration or you may provide your own encryption keys (CMEK) during the set up of an instance. Additionally, some fields have field level encryption. The options for field level encryption vary a bit by the deployment option chosen. For example, as you can see here: https://cloud.google.com/apigee/docs/hybrid/v1.6/key-encryption, KMS, KVM, and Cache are automatically in an X or Hybrid deployment. Please check the documentation for the version you are running or looking at for specifics.
Cheers
1 Like