I'm working on a project investigating the use of encryption at rest on a content store. Further to this we have some requirements that align to the feature of the Aggregating Content Store implementation. With the latter we have an additional requirement of NOT having content stores configured in an XML file, rather it would be desirable if an system administrator could somehow configure additional stores in some sort of configuration management service (e.g zookeeper or properties file decoupled from the war file).
Can someone assist with answering the following questions:-
- How does one go about practically encrypting an existing content store AFTER the encryption module is installed?
- What happens at a node level and with the content properties with the process of encrypting legacy content (as I understand only NEW content is encrypted after the module is applied)?
- Does the aggregating content store implementation support aggregated encrypted content stores?
The background is that some organisations consume storage solutions that are capped at a certain size and when that ceiling is reached we would need to procure new storage and declare it on the deployment instance. We would NOT want to do another software release for this. Further to this encryption at rest is a baseline requirement for our project.