Configuration of Cloaked Search
The configuration of Cloaked Search is done primarily through a config file which is read by the docker container.
Cloaked Search’s configuration must be mounted into the docker container at
/app/deploy.yml. This configuration has the following form:
es_url: "https://myelastic-search:9200" standalone_keys: - id: <ARBITRARY_KEY_ID> key: <HIGH_ENTROPY_STRING> primary: true tenant_id_field: <FIELD_WITH_TENANT_ID> indices: - name: <INDEX_1> fields: - name: <FIELD_1> - name: <FIELD_2> - name: <INDEX_2> fields: - name: <ANOTHER_FIELD_1> - name: <ANOTHER_FIELD_2>
This is the url for the Elasticsearch you want to proxy. It should be fully specified as a Url and can include a port number if desired.
The master key for the Cloaked Search installation. The master key is used to derive search hashes and KEKs (Key Encryption Keys) for encrypting the per-document keys. This key generation algorithm produces different encryption keys per tenant as well as different search hashes for each tenant/index/field combination. As such, it is not used directly as a cryptographic key, but should still have high entropy. Support for rotating this key is planned, but is not available yet.
These keys should be between 32 and 64 characters.
standalone_keys: - id: the-one-key key: 31e1cd1baebe933b4b7947bd8bd37fc25ff2fa050477ae27cb13488ef7a87da8 primary: true
Specifies the field which identifies the document’s associated tenant. This field will be used as a way to silo results and must be specified on every document search that includes a protected field. If the
tenant_id_fieldisn’t present on a document when indexing, it will not be encrypted.
This defaults to
tenant_idif not specified.
A list of indices and fields which will be protected.
indices: - name: index1 fields: - name: title - name: summary - name: index2 fields: - name: name - name: ssn
Each field will be indexed in the same way that Elasticsearch does by default. The support to change analyzers will be coming soon.
Once this configuration is set for an index, changing it will require re-indexing the entirety of the index as the protected field tokens are written when the document is put into the index.
If you'd like to play with Cloaked Search and see what’s happening under the hood, see our Cloaked Search in 5 minutes which shows you exactly what’s happening.
Cloaked Search is available on our public docker repository and can be pulled using:
docker pull gcr.io/ironcore-images/cloaked-search:latest
In order to start it, the config file must be mounted. Assuming that you have
cloaked-search-conf.ymlin your current directory the following will get the cloaked-search proxy running.
docker run --init --mount type=bind,src="$(pwd)"/cloaked-search-conf.yml,target=/app/deploy.yml gcr.io/ironcore-images/cloaked-search:latest