
Data at rest encryption

Data encryption at rest was introduced in Percona Server for MongoDB 3.6 to maintain compatibility with MongoDB’s encryption interface. Percona Server for MongoDB does not support Amazon AWS Key Management Service (KMS). Instead, it offers the following key management integrations:

Workflow

Important

You can only enable data at rest encryption, and provide all encryption settings, on an empty database, when you start the mongod instance for the first time. You cannot enable or disable encryption while the Percona Server for MongoDB server is already running and/or already holds data, nor can you change the effective encryption mode by simply restarting the server. Every time you restart the server, the encryption settings must be the same.

Each node of Percona Server for MongoDB generates a random, individual key for every database. It encrypts each database with its own key and stores those keys in a special, so-called key database. Each node then randomly generates a unique master encryption key and encrypts the key database with it.

Thus, two types of keys are used for data at rest encryption:

  • Database keys to encrypt data. They are stored internally, near the data that they encrypt.

  • The master key to encrypt database keys. It is kept separately from the data and database keys and requires external management.

To manage the master encryption key, use one of the supported key management options:

Note that you can use only one of the key management options at a time. However, you can switch from one management option to another (e.g. from a keyfile to HashiCorp Vault). Refer to Migrating from Key File Encryption to HashiCorp Vault Encryption section for details.

Important configuration options

Percona Server for MongoDB supports the encryptionCipherMode option where you choose one of the following cipher modes:

  • AES256-CBC

  • AES256-GCM

By default, the AES256-CBC cipher mode is applied. The following example demonstrates how to apply the AES256-GCM cipher mode when starting the mongod service:

$ mongod ... --encryptionCipherMode AES256-GCM

See also

MongoDB Documentation: encryptionCipherMode Option

Encryption of rollback files

Percona Server for MongoDB encrypts rollback files when data at rest encryption is enabled. To inspect the contents of these files, use perconadecrypt. This is a tool that you run from the command line as follows:

$ perconadecrypt --encryptionKeyFile FILE --inputPath FILE --outputPath FILE [--encryptionCipherMode MODE]

When decrypting, the cipher mode must match the cipher mode which was used for the encryption. By default, the --encryptionCipherMode option uses the AES256-CBC mode.

Parameters of perconadecrypt

Option                   Purpose
--encryptionKeyFile      The path to the encryption key file
--encryptionCipherMode   The cipher mode for decryption. The supported values are AES256-CBC or AES256-GCM
--inputPath              The path to the encrypted rollback file
--outputPath             The path to save the decrypted rollback file

Check encryption status

You can check the encryption status and the current configuration using the following command:

> db.serverStatus().encryptionAtRest

Expected output:

{
  encryptionEnabled: true,
  encryptionCipherMode: 'AES256-CBC',
  encryptionKeyId: 'local'
}
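Because the settings must stay identical across restarts, a monitoring job that compares the status document above against the deployment's recorded baseline catches a node that came up unencrypted or with a different cipher mode. The following check is an added example for this page, not part of the Percona documentation; the baseline values, the sample documents and the `checkEncryptionAtRest` function are constructed for the illustration, and the shape of the document a server returns with encryption disabled is assumed rather than taken from the page.

```javascript
// Added example: validate db.serverStatus().encryptionAtRest against a recorded baseline.
// Not Percona's code; field names follow the expected output shown on this page.

const SUPPORTED_CIPHER_MODES = ['AES256-CBC', 'AES256-GCM'];

// Returns a list of findings; an empty list means the node matches the baseline.
function checkEncryptionAtRest(status, baseline) {
  const findings = [];
  if (!status || typeof status !== 'object') {
    // Assumption: a server without encryption may omit the section entirely.
    return ['serverStatus() returned no encryptionAtRest section'];
  }
  if (status.encryptionEnabled !== true) {
    findings.push('encryption at rest is not enabled');
  }
  if (!SUPPORTED_CIPHER_MODES.includes(status.encryptionCipherMode)) {
    findings.push(`unsupported cipher mode ${status.encryptionCipherMode}`);
  }
  if (status.encryptionCipherMode !== baseline.encryptionCipherMode) {
    findings.push(`cipher mode ${status.encryptionCipherMode} differs from baseline ${baseline.encryptionCipherMode}`);
  }
  if (status.encryptionKeyId !== baseline.encryptionKeyId) {
    findings.push(`key id ${status.encryptionKeyId} differs from baseline ${baseline.encryptionKeyId}`);
  }
  return findings;
}

// Baseline recorded when the node was first started (constructed; matches the page's output).
const BASELINE = { encryptionEnabled: true, encryptionCipherMode: 'AES256-CBC', encryptionKeyId: 'local' };

// Constructed sample status documents for offline use.
const SAMPLE_OK = { encryptionEnabled: true, encryptionCipherMode: 'AES256-CBC', encryptionKeyId: 'local' };
const SAMPLE_DRIFT = { encryptionEnabled: true, encryptionCipherMode: 'AES256-GCM', encryptionKeyId: 'local' };
const SAMPLE_OFF = { encryptionEnabled: false, encryptionCipherMode: 'AES256-CBC', encryptionKeyId: 'local' };

// In mongosh the call would be: checkEncryptionAtRest(db.serverStatus().encryptionAtRest, BASELINE)
console.log('ok    :', checkEncryptionAtRest(SAMPLE_OK, BASELINE));
console.log('drift :', checkEncryptionAtRest(SAMPLE_DRIFT, BASELINE));
console.log('off   :', checkEncryptionAtRest(SAMPLE_OFF, BASELINE));
```

Run it inside mongosh against a live node, or feed it the JSON captured by a monitoring agent; any non-empty result should page whoever owns the deployment, since the page states that a changed setting cannot simply be corrected by restarting.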