MongoDB
MongoDB is a popular, open-source NoSQL database management system. Unlike traditional relational databases which use tables and rows to store data, MongoDB stores data in flexible, JSON-like documents with optional schemas. This provides greater scalability and ease of use and enables you to handle large amounts of structured and unstructured data. With built-in replication and automatic sharding, MongoDB can effortlessly handle the demands of modern applications, making it an ideal choice for businesses looking to manage and analyze large amounts of data in real-time. In addition, its robust security features and scalability make it a great choice for enterprise-level applications.
The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management. You can create keys on a server and then retrieve them, possibly wrapped by other keys. It supports both symmetric and asymmetric keys and enables you to sign certificates. With KMIP, clients can also ask a server to encrypt or decrypt data, without needing direct access to the key.
From the MongoDB documentation website:
MongoDB Enterprise 3.2 introduces a native encryption option for the WiredTiger storage engine. Outside MongoDB Atlas (where encryption is handled at the cloud-provider level), encryption is only available for enterprise installations that use the WiredTiger storage engine. Secure management of the encryption keys is a critical requirement for storage encryption. MongoDB uses a master key that is not stored with the MongoDB installation. Only the master key is externally managed; the other keys can be stored with your MongoDB instance. The MongoDB encrypted storage engine supports two key management options for the master key:
- Use of local key management through a keyfile.
- Integration with a third-party key management appliance through the Key Management Interoperability Protocol (KMIP) (recommended).
MongoDB cannot encrypt existing data. When you enable encryption with a new key, the MongoDB instance cannot have any pre-existing data. If your MongoDB installation already has existing data, see Encrypt Existing Data at Rest on the MongoDB site for additional steps.
MongoDB Enterprise supports the secure transfer of keys with Key Management Interoperability Protocol (KMIP) compliant key management appliances, so that the keys are stored in the key manager rather than with the MongoDB installation. Any appliance vendor that provides support for KMIP is expected to be compatible.
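The two master-key options described above, written out as mongod.conf fragments with the checks a practitioner would run before starting mongod. This is an added example, not part of the Futurex guide or MongoDB's own tooling; the file paths under /etc/mongodb, the KMES hostname and the temporary directory are placeholders. The configuration keys (security.enableEncryption, security.encryptionKeyFile, security.encryptionCipherMode and the security.kmip.* settings) are the documented mongod options; the keyfile option is shown beside the KMIP option so the difference in where the master key lives is visible.

```shell
#!/bin/sh
# Added example (not from the guide or from MongoDB): the keyfile and KMIP
# master-key options as mongod.conf fragments, plus local sanity checks.
# Paths, hostnames and the temp directory are placeholders.

# Option 1: local keyfile. The master key sits on the same host as the data
# it protects, which is why the text treats this as the weaker choice.
make_keyfile() {
    keyfile="$1"
    # mongod expects a single base64 line that decodes to a 16- or 32-byte key.
    ( umask 077; head -c 32 /dev/urandom | base64 | tr -d '\n' > "$keyfile" )
    printf '\n' >> "$keyfile"
    chmod 600 "$keyfile"
}

# Returns 0 only when the file is owner-read/write only (mongod refuses a
# keyfile readable by other users) and decodes to exactly 32 bytes.
check_keyfile() {
    keyfile="$1"
    mode=$(ls -l "$keyfile" | cut -c2-10)
    [ "$mode" = "rw-------" ] || return 1
    nbytes=$(base64 -d "$keyfile" | wc -c | tr -d ' ')
    [ "$nbytes" -eq 32 ] || return 1
    return 0
}

write_keyfile_conf() {
    cat > "$1" <<'EOF'
security:
  enableEncryption: true
  encryptionCipherMode: AES256-CBC
  encryptionKeyFile: /etc/mongodb/mongodb-keyfile   # placeholder path
EOF
}

# Option 2: KMIP. The master key never leaves the key manager; mongod
# authenticates to it with a client certificate over TLS.
write_kmip_conf() {
    cat > "$1" <<'EOF'
security:
  enableEncryption: true
  encryptionCipherMode: AES256-CBC
  kmip:
    serverName: kmes.example.internal                  # placeholder KMES host
    port: 5696                                         # default KMIP port
    clientCertificateFile: /etc/mongodb/kmip-client.pem   # placeholder
    serverCAFile: /etc/mongodb/kmip-ca.pem                # placeholder
EOF
}

# Reports where a mongod.conf keeps the master key: "kmip", "keyfile", or
# "none" when encryption at rest is not configured at all.
master_key_source() {
    conf="$1"
    if grep -q '^ *serverName:' "$conf"; then
        echo kmip
    elif grep -q '^ *encryptionKeyFile:' "$conf"; then
        echo keyfile
    else
        echo none
    fi
}

# Usage (writes only into a scratch directory; does not touch /etc):
workdir=$(mktemp -d)
make_keyfile "$workdir/mongodb-keyfile"
check_keyfile "$workdir/mongodb-keyfile" && echo "keyfile OK"
write_keyfile_conf "$workdir/keyfile.conf"
write_kmip_conf "$workdir/kmip.conf"
echo "keyfile.conf -> $(master_key_source "$workdir/keyfile.conf")"
echo "kmip.conf    -> $(master_key_source "$workdir/kmip.conf")"
rm -rf "$workdir"
```

With the KMIP fragment, security.kmip.keyIdentifier is deliberately left out: on first start mongod then asks the KMIP server to create a new master key, and the identifier it receives is what you later set to reuse that key. Either fragment is only valid for an instance with no pre-existing data, as the text above states.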
This guide covers the following tasks:
- Configure the KMES Series 3.
- Test a connection from MongoDB to the KMES Series 3.
- Configure encryption in MongoDB.
The following sections show you how to perform these tasks.