Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Error when enabling data encryption using local key MONGODB

Tags:

security

mongodb

ssl

encryption

bigdata

I have successfully encrypted the communication in mongoDB but when I try to enable the data encryption I'm getting errors. I am using the enterprise edition of mongoDB with version 3.2.4. I get the following message in the console:

ERROR: child process failed, exited with error number 14

But when I look at the logs I see detailed error as follows:

Unable to retrieve key .system, error: there are existing data files, but no valid keystore could be located.
Fatal Assertion 28561

following is the snippet of my config file:

# enable authentication
security:
  authorization: enabled
  enableEncryption: true
  encryptionKeyFile: /home/test/mongodb-keyfile

It works fine without the enableEncryption, and encryptionKeyFile parameters. Could anyone explain what i'm missing here? thanks!

like image 727
Gurkha Avatar asked Apr 06 '16 15:04

Gurkha

People also ask

Which encryption techniques are supported by MongoDB?

MongoDB supports TLS/SSL (Transport Layer Security/Secure Sockets Layer) to encrypt all of MongoDB's network traffic. TLS/SSL ensures that MongoDB network traffic is only readable by the intended client.

Can we encrypt data in MongoDB?

MongoDB Enterprise 3.2 introduces a native encryption option for the WiredTiger storage engine. This feature allows MongoDB to encrypt data files such that only parties with the decryption key can decode and read the data.

Does MongoDB support encryption at rest?

MongoDB Atlas has built-in encryption at rest for disks by default with every node in your cluster. However, you can enable Encryption At Rest from the WiredTiger storage engine as well.

How do I encrypt a field in MongoDB?

Enforce Field Level Encryption Schema Starting with MongoDB 4.2, the server supports using schema validation to enforce encryption of specific fields in a collection. Use the automatic encryption rule keywords with the $jsonSchema validation object to indicate which fields require encryption.

1 Answers

MongoDB's encrypted storage engine supports two key management options:

  • Key Manager : Integration with third party key management appliance via the Key Management Interoperability Protocol (KMIP).
  • Local Key: Use of local key management via a keyfile.

Worth mentioning that using a key manager meets regulatory key management guidelines and is recommended over the local key management.

If you are using Key Manager option, please see KMIP Master Key Rotation.

Since you are using the Local Key option, if you have a Replica Set deployment you could rotate the replica set member. This would re-sync data from the un-encrypted to the encrypted mongod.

Alternatively if you only have a standalone mongod, you could:

  1. Back Up your database files.
  2. Stop mongod process.
  3. Delete or move existing database files in dbpath. Exercise extra caution! - If you are deleting, make sure you have a backup data.
  4. Restart mongod with --enableEncryption and --encryptionKeyFile.
  5. Restore backup files to the restarted and encrypted mongod.

As an example, you could use mongodump to dump the data, and use mongorestore to restore the dump files.

Lastly, note that MongoDB Enterprise edition is a commercially supported product. I'd suggest opening a support case if you have a Commercial Support subscription.

like image 181
Wan Bachtiar Avatar answered Oct 15 '22 04:10

Wan Bachtiar
Sign in to Comment

Related questions

What happens when mongodb is out of memory?
mongo using subcollection
Why is the database of a Meteor app that has been run once (and never loaded) taking up nearly 3GB?
MongoDB shell: reading a line from the console
What is a good MongoDB document structure for most efficient querying of user followers/followees?
Is it bad practice to use a mongo ObjectId as a user's id?
Spring -Mongodb storing/retrieving enums as int not string
Mongoosejs refresh a document
Finding highest value from sub-arrays in documents
Run mongodb script once to insert initial data
How to interpret the lastErrorObject properties returned from MongoDB?
MongoDB query : $near with aggregation
How to get ReferenceField data in mongoengine?
How to - multiple Meteor apps on single MongoDB - same collections?
Passing callback function to mongoose aggregate function
How to remove a document from the capped collection?
MongoDB find value in list of lists
mongoimport stuck at same point while importing a JSON file
MongoDB $lookup: Limitations & Usage
How to continue insertion after duplicate key error using PyMongo

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!