Support Questions
Find answers, ask questions, and share your expertise

Elastic search Encryption


We are trying to encrypt Elastic search nodes with Safenet Protect-file encryption(Data at rest)  which is a file level encryption. 

The elastic search directory is under /data/disk0/elasticsearch it has the PII data

So, we are using CDH 5.14 with Hbase, HDFS, Spark2 etc 

My question is 

1. Does this elastic search directory need to be mapped with Elasticsearch user account to be able to decrypt the elastic search directory?

2.what are the users or services(HDFS,HBASE, Spark2,  in cloudera should be allowed to decrypt data in Elastic search directory ?


Super Collaborator
Unfortunately, we don't support either Safenet or Elastic search. The recommendation would be to run elasticsearch on nodes that are separate from the CDH cluster, and then you can configure safenet without any concern from other service users. Since elasticsearch provides all interaction through its API, other service users shouldn't need any access to decrypt the data that elastic search is using. Alternatively you could use Cloudera Navigator Encrypt [1] to encrypt the data at rest and solr as your search engine, which is fully integrated into CDH.




Dear All.


As per this post...we can integrate elasticsearch with hive?


i think, there is some possible way to  install elasticsearch on cloudera.


Please follow below link for installation of elasticsearch on CDH.










; ;