Hi,
I wanted to know the commit log thats written to the disk is it easily accessible or is it secured and cannot be read easily ? Also is it encrypted ?
Bringing together the Apache Cassandra experts from the community and DataStax.
Want to learn? Have a question? Want to share your expertise? You are in the right place!
Not sure where to begin? Getting Started
Hi,
Later versions of Cassandra provide transparent data encryption for commitlog and hints out of the box. To enable, see the following section in the cassandra.yaml (here from Cassandra 3.11.6)
# Enables encrypting data at-rest (on disk). Different key providers can be plugged in, but the default reads from
# a JCE-style keystore. A single keystore can hold multiple keys, but the one referenced by
# the "key_alias" is the only key that will be used for encrypt opertaions; previously used keys
# can still (and should!) be in the keystore and will be used on decrypt operations
# (to handle the case of key rotation).
#
# It is strongly recommended to download and install Java Cryptography Extension (JCE)
# Unlimited Strength Jurisdiction Policy Files for your version of the JDK.
# (current link: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)
#
# Currently, only the following file types are supported for transparent data encryption, although
# more are coming in future cassandra releases: commitlog, hints
transparent_data_encryption_options:
enabled: false
chunk_length_kb: 64
cipher: AES/CBC/PKCS5Padding
key_alias: testing:1
# CBC IV length for AES needs to be 16 bytes (which is also the default size)
# iv_length: 16
key_provider:
- class_name: org.apache.cassandra.security.JKSKeyProvider
parameters:
- keystore: conf/.keystore
keystore_password: cassandra
store_type: JCEKS
key_password: cassandra
Here is the jira that asked for the option to encrypt the commitlog:
https://issues.apache.org/jira/browse/CASSANDRA-6018
Hope this helps!
Hello,
Thanks for the information , I was asked in the interview this question whethe the commit log can be read ? What would be the answer fot this ? Is commit log readable ?
The contents of the commitlog/
directory (commitlog segments) are not easily accessible to users. You can't just read the contents of the files since they are in binary format and there are no out-of-the-box tools available to parse them.
You can however write a Java app to read the contents similar to the way the CommitLogReader.java
and CommitLogReplayer.java
does since the code for the reader and for the replayer are open-source. Cheers!
6 People are following this question.
Why does commitlog replay result in CommitLogReadException?
How can we relocate Cassandra nodes to a new location without downtime?
Does each datacenter have its own token range?
What is the difference between listen_address and broadcast_address?
Does it matter which source DC is used with nodetool rebuild when adding more DCs?
DataStax Enterprise is powered by the best distribution of Apache Cassandra ™
© 2022 DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.
Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.
Privacy Policy Terms of Use