As a user of OpenDJ I would like the content of the replication change log files to be encrypted in order to protect sensitive data at rest.
This issue can be closed once it is possible to configure the replication server to encrypt changelog DB files using a user specified encryption algorithm. We should use a sensible default "best practice" algorithm when none is specified by the user. We should also support dynamic configuration changes to the algorithm and even disabling encryption. Therefore, I suggest that encryption be performed on a record by record basis.
Not all data needs to be encrypted. I don't think replica DB keys need encrypting nor does the change number index need any encryption.
Enabling this feature should not have a dramatic impact on performance, although some impact is expected (10% or so?).
OPENDJ-2616 for implementation hints.