Allow for pre-queue encryption and post-queue decryption of log messages
Description
Gliffy Diagrams
Activity
Show:
Nick Ethier October 7, 2013 at 8:40 AM
This would be best implemented as a codec.
Jordan Sissel February 15, 2013 at 8:58 PM
Solutions available today for securing transit: lumberjack and rabbitmq. lumberjack requires ssl/tls, rabbitmq has optional support for it.
As discussed on the mailing list, I'm happy to support something like this, but I want to do it correctly since broken encryption systems are the same as plain text.
As a way around insecure queueing protocols (like Redis), if Logstash could encrypt messages before they hit the queue and then decrypt them when they are pulled from the queue, it would really help. Not only would your transmission of data be more secure, but you also automatically validate that no "rogue" data has made it into the queue that will be processed. If the data cannot be decrypted, it gets dropped and ignored.