I'm new to Datastax Cassandra, but we have a use case where we need to be able to lookup customers by their E-mail address. But e-mail address is private data, so it must be encrypted at rest.
From what I've read about Cassandra/Datastax, it seems that TDE does not encrypt fields that are part of a primary key. Does this also apply to things like materialized views? Is there any other mechanism that would allow me to find a customer by e-mail address while having e-mail address be encrypted by Cassandra?
I suppose I could store a hash of the e-mail address instead of the actual e-mail address, and then query by the hash. But that's making TDE less transparent in a sense.
Thanks! :)
Yes, TDE doesn't encrypt the partition key, but will encrypt clustering columns.
So in your case, you're right - you can lookup by hash of email, and have plain-text email as one of the columns...