I'm looking to design a webapp which stores private information securely using MongoDB. I would like to encrypt the entire database but it looks like it's not supported. What routes can I take to encrypt my database?
First offered in version 3.2, MongoDB utilizes the Advanced Encryption Standard (AES) 256-bit encryption algorithm, an encryption cipher which uses the same secret key to encrypt and decrypt data.
MongoDB supports TLS/SSL (Transport Layer Security/Secure Sockets Layer) to encrypt all of MongoDB's network traffic. TLS/SSL ensures that MongoDB network traffic is only readable by the intended client.
If you enable MongoDB Encryption at Rest for the host you are backing up, the bytes that Cloud Manager copies to the snapshot store are already encrypted.
MongoDB 3.2 (released in November 2015) offers an encrypted storage engine. No need to use third-party APIs to encrypt your data before insertion or encrypt the whole drive. You can find more details here. However, note that it is offered for the Enterprise edition only.
It works with the WiredTiger storage engine, which has been included as an alternative to the default MMAPv1 storage engine since 3.0. If your database is still using MMAPv1, read this guide for the steps to convert a database from MMAPv1 to WiredTiger.
As Fernando Paz noted in the comments, the encrypted storage is only available in MongoDB Enterprise edition.
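A setup for the encrypted storage engine described in the answer above, as an added example that is not part of the original answers or MongoDB's own code. It uses the `security.enableEncryption` and `security.encryptionKeyFile` settings with a locally managed key file; the function name, directory arguments and PEM path are assumptions made for illustration.

```bash
# Added example: write a key file and mongod.conf for the MongoDB Enterprise
# encrypted storage engine. Paths passed in are the caller's choice (assumptions).
set -eu

prepare_encrypted_mongod() {
    conf_dir=$1      # directory that will hold the key file and the config
    db_path=$2       # data directory; encryption is enabled on an empty one

    key_file="$conf_dir/mongodb-keyfile"
    conf_file="$conf_dir/mongod.conf"

    # Create the key with owner-only permissions from the first byte written.
    # 32 random bytes, base64-encoded (same form as `openssl rand -base64 32`).
    ( umask 077 && head -c 32 /dev/urandom | base64 > "$key_file" )
    chmod 600 "$key_file"

    # MongoDB 3.2-era option names; TLS settings live under net.ssl there.
    cat > "$conf_file" <<EOF
storage:
  dbPath: $db_path
  engine: wiredTiger          # encrypted storage works with WiredTiger, not MMAPv1
security:
  enableEncryption: true      # Enterprise edition only
  encryptionKeyFile: $key_file
net:
  ssl:
    mode: requireSSL          # encrypt network traffic as well
    PEMKeyFile: /etc/ssl/mongodb.pem   # placeholder path (assumption)
EOF
    # Return the config path so the caller can hand it to mongod.
    printf '%s\n' "$conf_file"
}

# Usage (not executed here):
#   mongod --config "$(prepare_encrypted_mongod /etc/mongodb /var/lib/mongodb)"
```

The key file protects every byte on disk, so it belongs on separate storage from the data files and backups; MongoDB's documentation recommends a KMIP key manager over a local key file for production use.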
Great question! With Big Data on the rise, securing data at rest is more important than ever!
MongoDB doesn't support this directly, but Gazzang's Encryption & Key Management Platform has been specifically tailored for MongoDB (though it works with other NoSQL database systems too). It is a commercial solution built on top of the open source eCryptfs encrypted filesystem in Linux, and it performs the encryption on the underlying filesystem in a way that security is maximized with minimal adverse effects on performance.
With customizable Access Control Lists, your unencrypted MongoDB data will only be accessible by users or processes of your choice. Check out this Big Data Security whitepaper or visit www.securingbigdata.com for more information.
Full disclosure: I'm employed by Gazzang.