question avatar image asked Erick Ramirez answered

How do I setup Vormetric Application Encryption with DSE?

Ho to enable ENABLE APP Level Encryption in spring data application using VAE when No SSL, No DB TDE

for client - to node encryption : Cassandra server side ssl disabled / No DB TDE - trying to have app level encryption enabled using Vormetric Application Encryption (VAE) in DataStax platform - can someone point me to a sample implemenation of the above scenario

10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered

The link you provided ( appears to be obsolete. It might have something to do with Thales acquiring Vormetric a few years ago.

In any case, my understanding is that Vormetric Application Encryption provides a KMIP-compliant centralised key management solution among other things. Quoting the Thales website:

Vormetric Application Encryption delivers key management, signing, and encryption services enabling comprehensive protection of files, database fields, big data selections, or data in platform-as-a-service (PaaS) environments. ... Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution while providing secure key management. Development options include a comprehensive, traditional software development kit for a wide range of languages and operating systems as well as a collection of RESTful APIs for the broadest platform support.

The last part of that quote about "development options" relates to you incorporating VAE's features in your application. That's up to you on how you implement that in your app since it doesn't have anything to do with the database.

As far as KMIP and a centralised key management service is concerned, the only aspect of DataStax Enterprise which allows you to use the service is to store encryption keys on a KMIP-compliant host for use with Transparent Data Encryption (TDE).

You've already mentioned that you are not using the TDE feature in DSE so you're left with implementing VAE within your application. Cheers!

10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.