I need to store some sensitive data in Cassandra and require it to be encrypted at rest. Is it likely Cassandra would function normally on top of a Linux encrypted file system (something like the open source TrueCrypt product)?
The other alternative available is to do the encryption at the application layer before sending the data to Cassandra but that entails writing plumbing code, and security plumbing code at that, which it would be good to avoid if at all possible.
Best Answer
Great question! There's a handful of ways of doing this, depending on how deeply you want to be involved in the configuration and long term maintenance. You certainly could use Cassandra on top of an encrypted filesystem, such as TrueCrypt or eCryptfs, and it should function normally.
While possible, it's a little complicated to set up encrypted filesystem and enforce a secure key management scheme. Gazzang offers a commercial product built on top of eCryptfs which provides a turnkey Encryption & Key Management Platform that would keep all of your Cassandra data secure, without requiring any changes to your existing database applications. Gazzang has a custom-tailored "jumpstart" documentation for Cassandra that simplifies and assist in your encryption/security implementation for Cassandra.
Full disclosure: I am employed by Gazzang.