Subscribe to the
Percona Newsletter

Subscribe Now!
  Wednesday, August 19, 2020    Michał Nosek, Stephen Thorn

Join Stephen Thorn and Michał Nosek, Percona Technical Experts, as they discuss MongoDB Encryption at Rest.

This hands-on workshop will walk through the process of setting up data-at-rest encryption in Percona Server for MongoDB (PSMDB). Data-at-rest encryption is one of the methods used to secure database deployments from unauthorized data access. It’s also commonly required for enterprise-grade database deployments due to different regulations and compliance requirements.

This feature is unavailable in the upstream MongoDB Community Edition and is available only in MongoDB Enterprise. PSMDB bridges this gap by offering data-at-rest encryption in Percona’s free and open-source version.

In this workshop, we will enable encryption on a whole replica set. For one of the nodes, we will use locally stored key file. This is the simplest approach, however, that approach is typically not recommended in production environments. The second approach that we will use for the second node is using external server to store and manage secrets. We’ll go through the integration with HashiCorp Vault that is supported by PSMDB. Additionally, we’ll rotate encryption key in an already encrypted MongoDB node.


About the Authors

Michał Nosek

Michał Nosek is a Senior Solutions Engineer with 10+ years of industry experience in various customer-facing software engineering roles, driven by connecting the world of business and technology through innovative solutions that solve challenging business problems.
 

Stephen Thorn

Stephen Thorn is a Solutions Engineer who excels in fast-paced, rapidly changing environments. A detailed-oriented planner who effectively leads teams of all sizes and environments.