Understanding Data Encryption on QDS¶
Command metadata and results are stored in the user’s Cloud Storage. To speed up access - by default - these are also cached on QDS servers.
- Metadata for one day that is 24 hours
- Command results for 7 days
- Notebook paragraph-results for 30 days
QDS provides encryption mechanisms to protect the data.
Encrypting Cached Data (AWS)¶
Create a ticket with Qubole Support to enable encryption of results while fetching them from the object storage, though it might slow down the data retrieving process as QDS would not be caching the results onto cache.
There is no option to disable Metastore caching and read-only Notebooks are always cached with encryption on.
Encrypting Data on Amazon S3¶
Qubole supports protecting data on Amazon S3 through encryption mechanisms. It supports the server-side and client-side encryption as described in Enabling Data Encryption in QDS.
Encrypting Ephemeral Data on QDS Clusters¶
On the QDS clusters, you can encrypt data on Ephemeral HDFS as described in Enabling Encryption of Ephemeral Data in QDS Clusters.
To enable encryption on the ephemeral drives through a Cluster REST API, see security_settings.