Interface IgniteEncryption
- 
 public interface IgniteEncryptionDefines encryption features.Ignite provides Transparent Data Encryption of cache data on disk. Encryption features are provided by EncryptionSpiand can be configured viaIgniteConfiguration.setEncryptionSpi(EncryptionSpi). Cache encryption can be enabled viaCacheConfiguration.setEncryptionEnabled(boolean).Instance of IgniteEncryptionis obtained fromIgniteas follows:Ignite ignite = Ignition.ignite(); IgniteEncryption encryption = ignite.encryption(); Two types of keys are involved in data encryption: group and master keys.Group key encrypts data of cache group caches. Each group key is encrypted by the master key. Encrypted group key and encrypted data are written to disk. Ignite provides the ability to change the master key. Master keys are identified by a name (see EncryptionSpi.getMasterKeyName()). Follow operations are available for master key:- Method getMasterKeyName()gets current master key name in the cluster.
- Method changeMasterKey(String)()} starts master key change process.
 
- Method 
- 
- 
Method SummaryAll Methods Instance Methods Abstract Methods Modifier and Type Method Description IgniteFuture<Void>changeCacheGroupKey(Collection<String> cacheOrGrpNames)Starts cache group encryption key change process.IgniteFuture<Void>changeMasterKey(String masterKeyName)Starts master key change process.StringgetMasterKeyName()Gets the current master key name.
 
- 
- 
- 
Method Detail- 
getMasterKeyNameString getMasterKeyName() Gets the current master key name.- Returns:
- Master key name.
 
 - 
changeMasterKeyIgniteFuture<Void> changeMasterKey(String masterKeyName) Starts master key change process.Each node will re-encrypt group keys stored on the disk. NOTE: The new master key should be available to EncryptionSpifor each server node. Cache start and node join during the key change process is prohibited and will be rejected.If some node was unavailable during a master key change process it won't be able to join to cluster with the old master key. The node should re-encrypt group keys during recovery on startup. The actual master key name should be set via IgniteSystemProperties.IGNITE_MASTER_KEY_NAME_TO_CHANGE_BEFORE_STARTUP.- Parameters:
- masterKeyName- Name of the master key.
- Returns:
- Future for this operation.
 
 - 
changeCacheGroupKeyIgniteFuture<Void> changeCacheGroupKey(Collection<String> cacheOrGrpNames) Starts cache group encryption key change process.NOTE: Node join is rejected during rotation of cache group encryption key. Background re-encryption of existing data in the specified cache group(s) begins after the encryption key(s) is changed. During re-encryption, node join is not rejected, the cluster remains fully functional, it is fault-tolerant operation that automatically continues after restart. Secondary rotation of the encryption key of a cache group is only possible after background re-encryption of existing data in this cache group is completed. - Parameters:
- cacheOrGrpNames- Cache or group names.
- Returns:
- Future which will be completed when new encryption key(s) are set for writing on all nodes in the cluster and re-encryption of existing cache data is initiated.
 
 
- 
 
-