 

How to implement data encryption at rest for MongoDB Community Edition?

I've gone through MongoDB docs that explain how to configure encryption which is available in MongoDB Enterprise only.

How to implement data at rest in MongoDB Community Edition v3.4?

asked Jan 03 '23 08:01

Temp O'rary


1 Answer

I was asking myself the same question just a few months ago. This is a list of options I have found so far:

  • encrypt storage volumes at the file system level. It is what Atlas offers, and most cloud providers support it: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html, https://learn.microsoft.com/en-us/azure/security-center/security-center-disk-encryption to name a few. Combined with cloud key management it is the simplest way IMHO. The same can be achieved for on-premises storage on most operating systems. Please ask how to do that in the relevant StackExchange community, providing enough details about the underlying OS.

  • Percona MongoDB server has some enterprise features, including audit and encryption. IIRC it uses disk encryption provided by OS, so it's basically the same as the previous one.

  • encrypt sensitive data at the application level, e.g. https://www.openssl.org/docs/manmaster/man1/rsautl.html. It is a bit more flexible, but you will lose some features like full text search and sorting index on encrypted fields.
    Update: An advanced version of this method became available as Client-Side Field Level Encryption (CSFLE) to Enterprise and Atlas users since v4.2

  • buy an enterprise license. Does not answer the question directly, yet may be more cost-efficient compared to the previous options.

answered Jan 13 '23 14:01

Alex Blex
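
The application-level option from the answer above, sketched as an added example (not code from the answer or from MongoDB): selected fields are encrypted with AES-256-GCM from Node's built-in `crypto` before the document would be written, and the sample shows why equality lookups and sort indexes stop working on those fields. The cipher choice, the field names, the helper names and the in-process random key (standing in for a key fetched from a KMS) are assumptions.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

// Assumption: in production the 32-byte key comes from a KMS or secret store,
// never from source code or from the database being protected.
const KEY = randomBytes(32);

// Encrypt one field value; the result is a base64 string safe to store in a document.
// Layout: 12-byte nonce | 16-byte GCM tag | ciphertext.
function encryptField(plaintext, key = KEY) {
  const iv = randomBytes(12); // fresh nonce per value, never reused with the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(String(plaintext), "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Decrypt a stored value; throws if the nonce, tag or ciphertext was modified
// or if the wrong key is used.
function decryptField(stored, key = KEY) {
  const raw = Buffer.from(stored, "base64");
  const decipher = createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Encrypt only the listed fields; everything else stays queryable and indexable.
function protectDocument(doc, sensitiveFields) {
  const out = { ...doc };
  for (const f of sensitiveFields) if (f in out) out[f] = encryptField(out[f]);
  return out;
}

// Reverse of protectDocument, run by the application after reading a document.
function revealDocument(doc, sensitiveFields) {
  const out = { ...doc };
  for (const f of sensitiveFields) if (f in out) out[f] = decryptField(out[f]);
  return out;
}

// Constructed sample records (hypothetical schema). Both carry the same ssn value.
const SAMPLE = [
  { _id: 1, name: "alice", ssn: "111-22-3333" },
  { _id: 2, name: "bob", ssn: "111-22-3333" },
];
// What would be handed to the driver's insert call: the two stored ssn values
// differ, so an equality match or a sort index on ssn is no longer meaningful.
const STORED = SAMPLE.map((d) => protectDocument(d, ["ssn"]));
```

Anyone with access to the data files or a dump sees only the base64 blobs for `ssn`; the key has to live outside the database for that to hold.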