I am new to OrientDB and working on database encryption. Can anyone please guide me about the following: How to encrypt a database in OrientDB? And more importantly, can we execute queries on the encrypted database?
I tried to enable AES encryption but didn't see any encryption outcome. At the end, it allows database connection, where contents are unencrypted even with an incorrect encryption key.
According to the documentation, I performed the following steps to enable database encryption:
------- create database with key1 ------
config set storage.encryptionKey Ohjojiegahv3tachah9eib==
create database remote:localhost/databases/encrypted-db root 12345 plocal document -encryption=aes
CREATE CLASS Customer
CREATE PROPERTY Customer.id integer
CREATE PROPERTY Customer.name String
CREATE PROPERTY Customer.age integer
INSERT INTO Customer (id, name, age) VALUES (01,'satish', 25)
INSERT INTO Customer SET id = 02, name = 'krishna', age = 26
INSERT INTO Customer CONTENT {"id": "03", "name": "kiran", "age": "29"}
INSERT INTO Customer (id, name, age) VALUES (04,'javeed', 21), (05,'raja', 29)
SELECT FROM Customer
disconnect
------- open encrypted database with key2 (different from key1) ------
config set storage.encryptionKey Ohj11iegahv3tac1111111==
CONNECT remote:localhost/databases/encrypted-db root 12345
SELECT FROM Customer
OrientDB will show original data of Customer CLASS.
Encryption at rest is not supported on remote protocol yet. It can be used only with plocal. So you're using a non-encrypted database. The documentation wasn't very clear about that, sorry. I'm fixing the docs right now.
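A check for the situation in this thread, as an added example that is not part of the original posts or of OrientDB's own tooling: after inserting known values (here the names from the question), scan the raw bytes of the database directory on the server for them. It assumes the values are stored as UTF-8 when unencrypted; `find_plaintext`, `demo` and the file names are constructed for illustration.

```python
import os
import tempfile


def find_plaintext(db_dir, canaries, chunk_size=1 << 20):
    """Map each file under db_dir to the canary strings found in its raw bytes."""
    # Assumption: unencrypted records hold string values as UTF-8 bytes.
    needles = {c: c.encode("utf-8") for c in canaries}
    overlap = max(len(n) for n in needles.values()) - 1
    hits = {}
    for root, _dirs, files in os.walk(db_dir):
        for name in files:
            path = os.path.join(root, name)
            found, tail = set(), b""
            with open(path, "rb") as fh:
                while True:
                    chunk = fh.read(chunk_size)
                    if not chunk:
                        break
                    window = tail + chunk
                    found.update(c for c, n in needles.items() if n in window)
                    # Keep the last bytes so a match split across reads is still seen.
                    tail = window[-overlap:] if overlap else b""
            if found:
                hits[os.path.relpath(path, db_dir)] = sorted(found)
    return hits


def demo():
    """Run the scan over constructed stand-in files (not real OrientDB output)."""
    canaries = ["satish", "krishna"]
    with tempfile.TemporaryDirectory() as d:
        # Stand-in for a storage file written without encryption.
        with open(os.path.join(d, "plain.bin"), "wb") as fh:
            fh.write(b"\x00\x0csatish\x32" + b"\x00" * 64 + b"\x0ekrishna\x34")
        # Stand-in for a file whose contents are opaque.
        with open(os.path.join(d, "opaque.bin"), "wb") as fh:
            fh.write(bytes((i * 73 + 11) % 256 for i in range(4096)))
        return find_plaintext(d, canaries, chunk_size=16)


if __name__ == "__main__":
    for path, found in demo().items():
        print(f"PLAINTEXT in {path}: {found}")
```

Any hit in the real database directory means the inserted records are readable on disk without the key, which is the outcome described in the question.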