Encryption at rest
03 June 2021 04:19 PM
Does MarkLogic provide encryption at rest?
MarkLogic 9 introduces the ability to encrypt 'data at rest' - data that is on media (on disk or in the cloud), as opposed to data that is being used in a process. Encryption can be applied to newly created files, configuration files, or log files. Existing data files can be encrypted by triggering a merge or re-index of the data.
For more information about using Encryption at Rest, see Encryption at Rest in the MarkLogic Security Guide.
MarkLogic 8 and Earlier releases
MarkLogic 8 does not provide support for encryption at rest for its own forests.
Memory consumption patterns will be different when encryption is used:
Using Amazon S3 Encryption For Backups
If you are hosting your data locally, would like to back up to S3 remotely, and your goal is that there cannot possibly exist unencrypted copies of your data outside your local environment, then you could backup locally and store the backups to S3 with AWS Client-Side encryption. MarkLogic does not support AWS Client-Side encryption, so this would need to be a solution outside MarkLogic.
See also: MarkLogic documentation: S3 Storage.
See also: AWS: Protecting Data Using Encryption.