Encryption at rest
06 November 2017 12:10 PM
Does MarkLogic provide encryption at rest?
MarkLogic 9 introduces the ability to encrypt 'data at rest' - data that is on media (on disk or in the cloud), as opposed to data that is being used in a process. Encryption can be applied to newly created files, configuration files, or log files. Existing data files can be encrypted by triggering a merge or re-index of the data.
MarkLogic 8 and Earlier releases
MarkLogic 8 does not provide support for encryption at rest for its own forests.
Using Amazon S3 Encryption For Backups
If you are hosting your data locally, would like to back up to S3 remotely, and your goal is that there cannot possibly exist unencrypted copies of your data outside your local environment, then you could backup locally and store the backups to S3 with AWS Client-Side encryption. MarkLogic does not support AWS Client-Side encryption, so this would need to be a solution outside MarkLogic.
See also: MarkLogic documentation: S3 Storage.
See also: AWS: Protecting Data Using Encryption.