I would like to have an option to encrypt/hash certain fields of a specific sourcetype in an index. I would prefer to not use an encrypted fileystem at this time, since this is not a supported option internally. I have a requirement to have specific fields encrypted when stored on disk or in a DB.
I understand that I can mask values at index or search time, but neither of these options meets my requirements. Any suggestions? Is this option a planned enhancement?
You may want to download this add-on. It provides a pre-processor to encrypt a file's data based on your regex before it is indexed and a decrypt command to decrypt the field at search time provided you also give it the same unique key you used with the encryption. It uses DES.