MongoDB Notes

Encrypting the Database with a Key Manager

In this procedure, you will encrypt the database of a single instance of MongoDB using a KMIP key manager. This procedure uses PyKMIP, a Python implementation of KMIP. This implementation is acceptable for testing, but is not safe for a production environment.

 

1. Launch mongod with the configuration file shown below:

 

mongod -f cf.yaml

 

Example Configuration File

 

systemLog:
  destination: file
  path: /home/vagrant/data/mongodb.log
storage:
  dbPath: /home/vagrant/data
processManagement:
  fork: true
security:
  authorization: disabled
  enableEncryption: true
  kmip:
    serverName: infrastructure.m310.mongodb.university
    serverCAFile: /home/vagrant/shared/certs/ca.pem
    clientCertificateFile: /home/vagrant/shared/certs/client.pem
net:
  bindIp: database.m310.mongodb.university
  port: 31260

 

Issues

 

When setting serverCAFile and clientCertificateFile, be sure to use full path names, not relative path names.
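
A pre-flight check for the path issue above, added here as an example and not part of the original notes. The function names and the sample config are constructed for illustration, and the script assumes the one "key: value" per line layout of the example configuration file.

```sh
#!/bin/sh
# Added example: pre-flight check for the KMIP file paths in a mongod config.
# Assumes the simple layout shown above: one "key: value" pair per line.

# Print the value of <key> from <config-file>, without quotes or trailing space.
kmip_value() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 only if both KMIP files are set, absolute and readable.
check_kmip_paths() {
  _cfg=$1; _rc=0
  for _key in serverCAFile clientCertificateFile; do
    _val=$(kmip_value "$_key" "$_cfg")
    if [ -z "$_val" ]; then
      echo "FAIL $_key: not set in $_cfg"; _rc=1
    elif [ "${_val#/}" = "$_val" ]; then
      echo "FAIL $_key: '$_val' is a relative path"; _rc=1
    elif [ ! -r "$_val" ]; then
      echo "FAIL $_key: '$_val' is missing or unreadable"; _rc=1
    else
      echo "OK   $_key: $_val"
    fi
  done
  return "$_rc"
}

# Constructed sample: the CA path is absolute, the client path is relative.
make_demo_cfg() {
  : > "$1/ca.pem"
  cat > "$1/cf.yaml" <<EOF
security:
  enableEncryption: true
  kmip:
    serverCAFile: $1/ca.pem
    clientCertificateFile: certs/client.pem
EOF
  echo "$1/cf.yaml"
}

# Usage: sh check_kmip.sh cf.yaml   (with no argument, runs the sample)
if [ "$#" -gt 0 ]; then
  check_kmip_paths "$1"
else
  _d=$(mktemp -d)
  check_kmip_paths "$(make_demo_cfg "$_d")" || echo "sample rejected as expected"
  rm -rf "$_d"
fi
```

Run it as the same user that starts mongod, so the readability check reflects what the server process will see.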

 

Reference

 

PyKMIP