Encryption

Security has been a consideration since the very beginning of Warp 10. This is largely reflected in the token mechanism that controls access to the Storage Engine, but other security measures are in place elsewhere.

Storage encryption

The Warp 10 Storage Engine can use AES Key Wrapping encryption to secure sensitive information such as Geo Time Series metadata and/or Geo Time Series datapoints.

The encryption of metadata is on by default and does not induce any noticeable performance penalty.

The encryption of datapoints is off by default, as it has both a storage footprint and a performance impact.

The GTS metadata are also encrypted when written temporarily to disk as part of a /fetch request.

Communication security

In the Distributed version of Warp 10, various processes exchange messages via Kafka. Encryption and integrity mechanisms can be enabled to ensure that sensitive information is not accessible on the Kafka nodes and that rogue or corrupted data are not consumed by Kafka clients.

These mechanisms can be turned on or off at will, but you need to ensure a topic is first flushed before changing its parameters.

Secure scripts

WarpScript code can be encrypted using a mechanism known as secure scripts. This ensures that sensitive information (tokens, for example) is not visible even though it can be used. See EVALSECURE.

Cryptographic configuration

Configuration of the various cryptographic keys described above is done in the Warp 10 configuration file. Look for properties with the terms hash or aes and read the associated description to decide which security mechanisms you want to enable.
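
The review step described above can be partly automated. The following is an added example, not code from Warp 10 or its documentation: it scans configuration text for properties whose names contain hash or aes and reports disabled entries, AES keys of invalid length, and keys shared between mechanisms. The property names, the hex: value prefix and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample: property names and the "hex:" value prefix are assumptions
# made for this example, not taken from a real Warp 10 configuration file.
SAMPLE_CONF = """\
# constructed sample configuration
example.hash.labels = hex:00112233445566778899aabbccddeeff
example.aes.metadata = hex:0123456789abcdef0123456789abcdef
#example.aes.data = hex:0f1e2d3c4b5a69788796a5b4c3d2e1f0
example.aes.kafka = hex:0123456789abcdef0123456789abcdef
example.aes.scripts = hex:0011223344
standalone.port = 8080
"""

AES_KEY_BYTES = {16, 24, 32}  # AES-128, AES-192, AES-256
PROP = re.compile(r"^(#\s*)?([\w.-]+)\s*=\s*(\S*)")


def audit_crypto_properties(text):
    """Map each property whose name contains 'hash' or 'aes' to a status string."""
    report, owners = {}, {}
    for raw in text.splitlines():
        m = PROP.match(raw.strip())
        if not m or not re.search(r"hash|aes", m.group(2)):
            continue
        commented, name, value = m.groups()
        if commented:
            report[name] = "disabled (commented out)"
            continue
        if not value.startswith("hex:"):
            report[name] = "value is not a hex: key"
            continue
        try:
            key = bytes.fromhex(value[4:])
        except ValueError:
            report[name] = "malformed hex key"
            continue
        if "aes" in name and len(key) not in AES_KEY_BYTES:
            report[name] = f"invalid AES key length ({len(key) * 8} bits)"
        elif key in owners:
            # One key shared by two mechanisms defeats key separation.
            report[name] = f"key reused from {owners[key]}"
        else:
            report[name] = f"ok ({len(key) * 8}-bit key)"
        owners.setdefault(key, name)
    return report


if __name__ == "__main__":
    for prop, status in audit_crypto_properties(SAMPLE_CONF).items():
        print(f"{prop}: {status}")
```

The report contains property names and statuses only, never key material, so it can be attached to a configuration review.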