It should be possible to configure OpenDJ to encrypt and, in some cases, sign any data at rest. Specifically:
- user data stored in pluggable backends: id2entry, equality index keys (hashed), and possibly substring index values (not keys)
- replication changelog: replica DB records must be encrypted
- Import / Export (sign, hash, and/or encrypt)
- hashing and signing of the changelog in order to detect tampering
- encryption of the access log. Note that CAUD provides some support for tamper detection
- encryption of configuration files, e.g. config.ldif.