Reputation: 21
I am currently comparing different solutions for an immutable database, such as Blockchain or AWS QLDB. AWS QLDB looks very interesting to me, but I have a question about how the data is stored at Amazon: can Amazon see the data I put in QLDB in plain text (so they could use it for other purposes), or is it encrypted so that only users with a private key can see the content? The encryption Amazon talks about on their homepage seems to refer to the hashing of the journals to make them immutable, and not to the data itself?
Thank you in advance
Upvotes: 2
Views: 293
Reputation: 1602
With the general availability announcement on 9/10/29, this question is now answered in the FAQ of Amazon QLDB.
Q. How does encryption work in Amazon QLDB?
Yes. By default, all data in transit and at rest is encrypted. Today, Amazon QLDB does not support customer managed CMKs (Customer Master Keys). Amazon QLDB uses AWS-owned keys to encrypt customer data.
So no, Amazon will not yet allow you to use customer managed keys from KMS to encrypt the data in your ledger. I'm sure this is only a matter of time before this feature is available though.
It is worth noting that hashing is not a type of encryption. In QLDB, the hash value of each journal entry (which includes the hash of the previous entry) is stored alongside that entry's data. This is available in plaintext. If AWS managed keys are used, then Amazon has access to your data.
Upvotes: 2
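The distinction the answer draws (a hash chain makes the journal tamper-evident, it does not hide the data) is easy to see in code. The following is an added example, not code from the question, the answer, or Amazon; it uses a simplified linear SHA-256 chain rather than QLDB's actual journal format, and the entries, the genesis value and the function names are constructed for illustration. It shows that whoever holds the journal can read every entry, that a silent edit breaks verification, and that an attacker who rewrites the whole chain can make it verify again unless you compare against a digest you kept yourself.

```python
import copy
import hashlib
import json

# Constructed sample entries, standing in for documents written to a ledger journal.
SAMPLE_ENTRIES = [
    {"id": 1, "owner": "alice", "balance": 100},
    {"id": 2, "owner": "bob", "balance": 50},
    {"id": 3, "owner": "alice", "balance": 75},
]

GENESIS = b"\x00" * 32  # assumed placeholder for "no previous entry"


def entry_hash(prev_hash: bytes, data: dict) -> bytes:
    """SHA-256 over the previous entry's hash and the canonical JSON of this entry.

    Canonical (sorted, compact) JSON makes the hash independent of key order.
    """
    canonical = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash + canonical).digest()


def build_journal(entries):
    """Return blocks of {"data", "hash"}; the data is stored as-is, only the hash chains."""
    journal = []
    prev = GENESIS
    for data in entries:
        h = entry_hash(prev, data)
        journal.append({"data": data, "hash": h})
        prev = h
    return journal


def verify_journal(journal) -> bool:
    """Recompute every hash from the genesis value and compare with the stored one."""
    prev = GENESIS
    for block in journal:
        if entry_hash(prev, block["data"]) != block["hash"]:
            return False
        prev = block["hash"]
    return True


def journal_digest(journal) -> bytes:
    """The last hash commits to the whole chain; keep a copy of it outside the store."""
    return journal[-1]["hash"]


def tamper_demo():
    """Returns (plaintext_owner, silent_edit_verifies, rehashed_verifies, digest_matches)."""
    journal = build_journal(SAMPLE_ENTRIES)
    saved_digest = journal_digest(journal)  # what the ledger owner keeps for themselves

    # 1. Anyone holding the journal can read the entries: hashing hides nothing.
    plaintext_owner = journal[1]["data"]["owner"]

    # 2. A silent edit to one stored entry breaks the chain from that point on.
    tampered = copy.deepcopy(journal)
    tampered[1]["data"]["balance"] = 5000
    silent_edit_verifies = verify_journal(tampered)

    # 3. Rewriting every hash after the edit makes the chain self-consistent again...
    rehashed = build_journal([b["data"] for b in tampered])
    rehashed_verifies = verify_journal(rehashed)

    # 4. ...but it no longer matches the digest the owner kept, so the rewrite is detected.
    digest_matches = journal_digest(rehashed) == saved_digest

    return plaintext_owner, silent_edit_verifies, rehashed_verifies, digest_matches


if __name__ == "__main__":
    print(tamper_demo())
```

The fourth result is the practical takeaway for a verifier: a chain that checks against itself proves nothing unless it is also compared with a digest you obtained earlier and stored independently of the ledger, which is why QLDB exposes a ledger digest to clients. None of this changes the answer's point about confidentiality: every `data` field above is readable by whoever holds the journal, and only encryption with a key the provider does not hold would change that.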