Enabling Encryption of Data at Rest
About this task
Enable or disable data-at-rest encryption at the volume level using the Control System, CLI, and REST API if encryption of data at rest is enabled at the cluster level. If you installed using the MapR Installer and selected the Enable DARE option, the cluster is automatically enabled for data-at-rest encryption during installation.
mapr.volume.dare.default
configuration parameter. If you do not
wish to encrypt data at rest in a volume, you can disable encryption when you create
a volume. You cannot modify the data-at-rest encryption setting on a volume after
the volume is created. For more information, see the following later on this
page:Standard volumes inherit the data-at-rest encryption setting from a volume by default
if the inherit
property is specified. If you create a mirror volume
for a source volume enabled for data-at-rest encryption, the mirror volume:
- Inherits the data-at-rest encryption setting from the source volume if the mirror volume is in the same cluster as the source volume or if the mirror volume is on a remote cluster enabled for encryption of data at rest.
- Does not inherit the data-at-rest encryption setting from the source volume if the mirror volume is on an unsecure cluster, or if the mirror volume is on secure cluster that is not enabled for encryption of data at rest.
true
for the dare
property after
creating the mirror volume.This section describes how to enable data-at-rest encryption at the volume level.
Enabling or Disabling Data-at-Rest Encryption at the Volume Level Using the Control System
About this task
To enable or disable data-at-rest encryption for a new volume using the Control System:
Procedure
- Log in to the Control System and click .
- Click Create Volume to display the Create New Volume page.
-
Select volume type, specify values for required and optional
properties, and set the value for the Data at Rest
Encryption property to Yes
(to enable) or No (to disable).
See Creating a Volume for more information.
- Click Create Volume to create a volume enabled for encryption of data at rest.
Enabling or Disabling Data-at-Rest Encryption at the Volume Level Using the CLI and REST API
About this task
dare
parameter to one of the
following when you create the volume:true
to enable data-at-rest encryption.NOTEtrue
is the default value.For example:maprcli volume create -name <volName> -path <volMountPath> [-dare true]
false
to disable data-at-rest encryption.For example:maprcli volume create -name <volName> -path <volMountPath> -dare false
dare
parameter to one of the following when you
create the volume:true
to enable data-at-rest encryption.NOTE This is the default value.For example:curl -k -X POST 'https://abc.sj.us:8443/rest/volume/create?name=<volName>&path=<volMountPath>[&dare=true]' --user mapr:mapr
false
to disable data-at-rest encryption.For example:curl -k -X POST 'https://abc.sj.us:8443/rest/volume/create?name=<volName>&path=<volMountPath>&dare=false' --user mapr:mapr
volume create
for
more information.