HDFS data at rest encryption

HDFS data at rest encryption allows HDFS data to be stored in encrypted directories called encryption zones. All files within an encryption zone are transparently encrypted and decrypted on the client side, meaning decrypted data is never stored in HDFS.

You can enable this in your Hadoop cluster and then configure BDD to store its Dgraph databases, Avro files, and other data in encryption zones. This ensures that your BDD data will be safe even if HDFS is compromised.

Important: Enabling HDFS data at rest encryption for BDD only means that your data will be encrypted while it's stored on HDFS. Files are automatically decrypted when BDD components read them and re-encrypted when they're written back to HDFS, but they aren't encrypted while they're being handled by BDD components.

For more information on configuring HDFS data at rest encryption for BDD, see the Installation Guide.