Encrypting data at rest

I wonder if Manticore supports encrypting data at rest.

Yes, you could use HTTPS as described in the manual: Manticore Search Manual: Security

No. What you referred to is encryption in transit, i.e. securing the network traffic via TLS. However, I’m interested in storing the data on the disk encrypted, i.e. encryption at rest.

Manticore doesn’t support data-at-rest encryption. You can use dm-crypt or LUKS + proper permissions instead.

Thank you for the clarification. Any future plans, like how MariaDB has such a feature?

We conducted research in the past and concluded that, for the sake of performance, it is better to let dm-crypt/LUKS handle the job. The default Manticore row-wise storage relies heavily on attribute values being in memory. This means that:

  • we would need to decrypt all values on searchd start, resulting in a longer start time, higher RAM consumption, and reduced security since all data would still be stored in the process’ memory unencrypted
  • or decrypt values on the fly, resulting in significantly higher latency for full-scan queries.

It would be different for the columnar storage, since it doesn’t require attributes to be in RAM, but the performance would still be affected. In general it’s a nice feature to add to the columnar storage, however, we don’t have it in our nearest plans.
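
The "dm-crypt or LUKS + proper permissions" advice above can be verified on a host with a short check. This is an added example, not part of the thread or of Manticore itself; the `MANTICORE_DATA_DIR` variable and the `/var/lib/manticore` path are assumptions, and the sample device stacks are constructed.

```bash
#!/bin/sh
# Added example: check that a Manticore data directory is on dm-crypt/LUKS
# and closed to other local users. Variable name and path are assumptions.

# Succeeds if the device stack read from stdin (one TYPE per line, as printed
# by `lsblk -s -n -l -o TYPE <device>`) contains a dm-crypt layer.
stack_has_crypt() {
    while read -r layer; do
        [ "$layer" = "crypt" ] && return 0
    done
    return 1
}

# Succeeds if an octal mode such as 750 grants nothing to "other"
# (the last octal digit holds the other-users bits).
mode_is_private() {
    case "$1" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

check_data_dir() {
    dir=$1
    # Resolve the block device backing the directory, then walk down its stack.
    dev=$(findmnt -n -o SOURCE -T "$dir") || return 2
    if ! lsblk -s -n -l -o TYPE "$dev" | stack_has_crypt; then
        echo "FAIL $dir ($dev) has no dm-crypt layer"
        return 1
    fi
    mode=$(stat -c '%a' "$dir")
    if ! mode_is_private "$mode"; then
        echo "FAIL $dir mode $mode is open to other users"
        return 1
    fi
    echo "OK   $dir is on dm-crypt ($dev), mode $mode"
}

# Constructed sample stacks: LVM on LUKS, and a plain partition.
SAMPLE_LUKS_STACK='lvm
crypt
part
disk'
SAMPLE_PLAIN_STACK='part
disk'

# Live check, e.g.: MANTICORE_DATA_DIR=/var/lib/manticore sh check.sh
if [ -n "${MANTICORE_DATA_DIR:-}" ]; then
    check_data_dir "$MANTICORE_DATA_DIR"
fi
```

A pass only shows that the mounted volume is encrypted on disk; while it is mounted, the files are plaintext to any account that can read them, which is why the mode check is part of the same test.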