Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Configuring Encryption at Rest - Mongo DB

RSS
Modified on Wed, Jul 13, 2016, 1:15 PM by Administrator Categorized as Mongo DB

Overview

This article provides the steps to take to configure encryption at rest for Mongo DB.

Procedure

1. Edit /etc/mongod.conf Add the following

security:
  enableEncryption: true
  encryptionKeyFile: /mongo/keys/mongod.key

2. Create the /mongo/keys directory and change its owner

mkdir /mongo/keys
chown mongod:mongod /mongo/keys/

3. Generate an encryption key

openssl rand -base64 32 > /mongo/keys/mongod.key

4. Adjust security on the encryption key

chmod 600 /mongo/keys/mongod.key
chown mongod:mongod /mongo/keys/mongod.key

5. If it's running, stop the Mongo DB service

service mongod status
service mongod stop

6. Delete or re-key the data If you're starting with a fresh Mongo DB install delete the data files.

DANGER: THIS COMMAND WILL FORCIBLY DELETE ALL FILES IN THE INDICATED FOLDER WITHOUT CONFIRMATION!

cd /mongo/data
rm -fr /mongo/data/*

If you're enabling/changing encryption for an existing Mongo DB instance, re-key the data.

TODO

7. Start the Mongo DB service

service mongod status
service mongod stop
service mongod start

8. Troubleshoot the Mongo DB service

If the Mongo DB service fails to start, troubleshoot it by viewing the log file

view /mongo/log/mongod.log

ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2018, Patrick Jasinski.