Encrypting Order Service data

You can implement data encryption across various levels.

DIME

In Data in Motion Encryption, you ensure that data encryption is enabled at the following levels.
Data encryption properties for DIME

Use the following table to refer to the data encryption properties.

Property name Description
ssl_order_service_encryption_disable The default value for this field is true. To enable SSL, first configure the settings for Cassandra, Elasticsearch, and Vert.x. Then, either unset the default value for this field or set the value to false.
ssl_cassandra_disable By default, this property is unset. If you want to disable SSL on Cassandra, set this value to true.
ssl_elasticsearch_disable By default, this property is unset. If you want to disable SSL on Elasticsearch, set this value to true.
ssl_vertx_disable By default, this property is unset. If you want to disable SSL on Vert.x, set this value to true.
Important: If ssl_order_service_encryption_disable is set to false, the component property overrides the primary property. If the respective component property is left unset (the default setting), then SSL is enabled for that component. If the component property value is set to true, only then SSL is disabled for that component. However, if ssl_order_service_encryption_disable is set to true, and the respective component property is either unset (the default setting) or set to false, then the primary property value overrides the value for the component properties and SSL is disabled on Order Service.

DARE

In Data at Rest Encryption (DARE), you ensure that data encryption is established at the following levels.
  • It is recommended that you use dm_crypt for file encryption. However, you can choose any other encryption solutions according to your business needs.
  • You can use any standard log-streaming solutions and mask your sensitive information by using the respective tool's filters.