0 votes

I understand that CockroachDB supports storage-level encryption. However, I would like to run multiple client DBs encrypted with client-specific keys. Is it possible to achieve DB-level encryption in CockroachDB? Can I, for instance, use separate storage volumes with different keys for each DB under 1 and the same Cockroach cluster?


1 Answer

0 votes

Based on this document - Encryption is performed in the storage layer and configured per store. All files used by the store, regardless of contents, are encrypted with the desired algorithm.

You can read about the relationship between the store keys and data keys in there as well.

Since CockroachDB is a distributed database, data is replicated multiple times (for quorum and data resilience), which means that a database's content can have copies on multiple nodes.

Could you tell me more about your use case for using different keys for each database?

I also recommend opening an issue on the GitHub repo so perhaps one of the storage engineers could answer your question.