Hi All,
We are evaluating Apache Pinot around the...
# generalv
Vibhor Jain
08/05/2021, 2:49 PMHi All,
We are evaluating Apache Pinot around the security posture and wanted some info around the same. For encrypting Personally Identifiable Information (PII) data at rest, we need to handle this at two places.
1. Completed segments sitting on Pinot servers.
2. Segments sitting in Deep store say HDFS (looks like Pinot supports this)
Is there any support from Pinot for segments sitting on the server's disk?
On the Github issue, we see https://github.com/apache/pinot/issues/5762 that talks about this and is still open.
k
Kishore G
08/05/2021, 3:06 PM
not as of now. Pinot uses mmap and avoids loading data into java heap. Adding encryption for segments on disk will impact performance. Can you please add your requirements to the issue
d
Daniel Lavoie
08/05/2021, 4:49 PMI would add to what kishore said that depending on the type of encryption you are looking for you might get away with S3 native encryption and physical disk encryption.
Pinot is not aware of the encryption since it is provided at the S3 and infrastructure level. This guarantees that anyone in the datacenter stealing hardware will not be able to decrypt your data. Anyone with Pinot access is however able to read the data because this is transparent.
v
Vibhor Jain
08/06/2021, 2:20 PMThanks for the confirmation @User and @User