database encryption for mongodb
play

Database Encryption for MongoDB Peter Schwaller Senior Director - PowerPoint PPT Presentation

May 17, 2023 •110 likes •227 views

Open Source Transparent Database Encryption for MongoDB Peter Schwaller Senior Director Server Engineering, Percona Agenda Why encrypt? What gets encrypted? What is supported where? How does it all work? Future of open

  1. Open Source Transparent Database Encryption for MongoDB Peter Schwaller – Senior Director Server Engineering, Percona

  2. Agenda • Why encrypt? • What gets encrypted? • What is supported where? • How does it all work? • Future of open source solutions 2

  3. Why Encrypt? • Can help ensure compliance with security and privacy standards, including PCI-DSS, HIPAA, and FERPA. • Ensures that exposure of DB files doesn’t lead to exposure of the stored data. 3

  4. What is Supported Where? Feature MongoDB Community MongoDB Enterprise Percona Server for MongoDB Wired Tiger encryption No Yes Yes Local Key File No Yes Yes KMIP key management No Yes No Vault key management No No Planned MongoRocks encryption N/A N/A No mmapv1 encryption No No No redactClientLogData No Yes Yes 4

  5. What Gets Encrypted? • Wired Tiger storage engine data • Collections, indexes, journal, Wired Tiger log files, etc • MongoDB log files are not encrypted • Use security.redactClientLogData to help obscure log file data 5

  6. Getting Started (Local Keyfile Example) 1. Start with an empty datadir 2. Create a keyfile • openssl rand -base64 32 > mongodb-keyfile 3. Update permissions • chmod 600 mongodb-keyfile 4. Update mongod start parameters • --enableEncryption • --encryptionKeyFile <path to keyfile> 6

  7. Under the Hood • Each database is encrypted with an internally generated encryption key • Master Key or Keyfile is used to encrypt the internal keystore • Encryption performed at the page level which improves performance • If using a key manager, you can use – kmipRotateMasterKey to reencrypt the internal keystore • This does NOT change the database/collection data on disk • --encryptionCipherMode [AES256-CBC, AES256-GCM] 7

  8. Rotate Encryption of Data • Cannot change internal database encryption key once data exists • Must start a fresh replica set member and sync from scratch 8

  9. What’s Next in Percona Server for MongoDB? • Vault key management • Enables solutions compliant with standards • Align with Vault keyring support in Percona Server for MySQL • Master key rotation • Depending upon user interest, AWS KMS integration 9

  10. Rate My Session 10

  11. Thank You Sponsors!! 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Your First MongoDB Environment: What You Should Know Before Choosing MongoDB as Your Database Me

Your First MongoDB Environment: What You Should Know Before Choosing MongoDB as Your Database Me

Your First MongoDB Environment: What You Should Know Before Choosing MongoDB as Your Database Me - @adamotonete Adamo Tonete Senior Technical Engineer Brazil Agenda What is MongoDB? The good side of MongoDB with details.

715 views • 26 slides
CS 61: Database Systems Distributed systems Adapted mongodb.com unless otherwise noted Agenda

CS 61: Database Systems Distributed systems Adapted mongodb.com unless otherwise noted Agenda

CS 61: Database Systems Distributed systems Adapted mongodb.com unless otherwise noted Agenda 1. Centralized systems 2. Distributed systems High availability Scalability 3. MongoDB 2 A single database can handle many thousands of

671 views • 31 slides
MongoDB Open-source, high-performance , document- oriented database Jay Urbain, PhD

MongoDB Open-source, high-performance , document- oriented database Jay Urbain, PhD

MongoDB Open-source, high-performance , document- oriented database Jay Urbain, PhD https://docs.mongodb.com/ Modern Databases Non-relational data stores (NoSQL) Key/value Horizontal scalability, no table joins Hive,

543 views • 30 slides
CS 61: Database Systems MongoDB Schema Design Adapted mongodb.com unless otherwise noted Agenda

CS 61: Database Systems MongoDB Schema Design Adapted mongodb.com unless otherwise noted Agenda

CS 61: Database Systems MongoDB Schema Design Adapted mongodb.com unless otherwise noted Agenda 1. Data relationships 2. Accessing embedded documents 2 The big schema design question is whether to embed documents or normalize Embedded vs

679 views • 18 slides
MONGODB A NoSQL, document-oriented database DATABASES organized collections of data Database

MONGODB A NoSQL, document-oriented database DATABASES organized collections of data Database

CS 498RK FALL 2016 MONGODB A NoSQL, document-oriented database DATABASES organized collections of data Database Models 1960s NAVIGATIONAL linked list of free-form records hash on a primary key, linearly scan through a linked list

1.02k views • 76 slides
MongoDB Sharding 101 Agenda What is MongoDB? Single Instances Replica-set

MongoDB Sharding 101 Agenda What is MongoDB? Single Instances Replica-set

MongoDB Sharding 101 Agenda What is MongoDB? Single Instances Replica-set architecture Shard architecture Q&amp;A What is MongoDB MongoDB MongoDB is a free and open-source, cross-platform, document-oriented

600 views • 44 slides
Percona Backup for MongoDB Akira Kurogane Percona 3 - 2 - 1 MongoDB Percona Server for

Percona Backup for MongoDB Akira Kurogane Percona 3 - 2 - 1 MongoDB Percona Server for

Percona Backup for MongoDB Akira Kurogane Percona 3 - 2 - 1 MongoDB Percona Server for MongoDB Community Edition MongoDB Enterprise Edition Replica Set Cluster Percona Backup for MongoDB 2 Elements of MongoDB Backups 3 MongoDB oplog

1.43k views • 38 slides
MongoDB Thomas Schwarz, SJ MongoDB History 2007 Developed by 10gen as a Platform as a Service

MongoDB Thomas Schwarz, SJ MongoDB History 2007 Developed by 10gen as a Platform as a Service

MongoDB Thomas Schwarz, SJ MongoDB History 2007 Developed by 10gen as a Platform as a Service (PaaS) 2009 Open Source model is adopted 2013 10gen becomes MongoDB 2019 MongoDB as a service on Alibaba cloud MongoDB comes from

1.15k views • 66 slides
Introduction to Amazon DocumentDB (with MongoDB compatibility) Fast, scalable, and fully managed

Introduction to Amazon DocumentDB (with MongoDB compatibility) Fast, scalable, and fully managed

Introduction to Amazon DocumentDB (with MongoDB compatibility) Fast, scalable, and fully managed MongoDB-compatible database service Joseph Idziorek, AWS Principal Product Manager Purpose b built The right tool for the right job

688 views • 45 slides
What's New in Percona Server for MongoDB? 2019 Q3: Enterprise Enhancements and v4.2 4:00 PM -

What's New in Percona Server for MongoDB? 2019 Q3: Enterprise Enhancements and v4.2 4:00 PM -

What's New in Percona Server for MongoDB? 2019 Q3: Enterprise Enhancements and v4.2 4:00 PM - 4:50 PM - Room B About Adamo and Akira Two of the most experienced MongoDB field experts in the world. Adamo w/ MongoDB: 2013 ~ MongoDB: 2009 ~

811 views • 66 slides
Everything You Know About MongoDB is Wrong (Probably) Mark Smith | MongoDB | @Judy2K Myth 0

Everything You Know About MongoDB is Wrong (Probably) Mark Smith | MongoDB | @Judy2K Myth 0

Everything You Know About MongoDB is Wrong (Probably) Mark Smith | MongoDB | @Judy2K Myth 0 You think we havent seen this on YouTube @Gar1t on YouTube MongoDB is Web Scale Weve seen it. Weve bought the T-shirts. What is MongoDB?

1.29k views • 40 slides
MongoDB Indexing Dr Janusz R. Getta School of Computing and Information Technology - University

MongoDB Indexing Dr Janusz R. Getta School of Computing and Information Technology - University

MongoDB Indexing file:///Users/jrg/235-2020-SPRING/SLIDES/WEEK11/26indexing/26indexing.html#1 CSCI235 Database Systems MongoDB Indexing Dr Janusz R. Getta School of Computing and Information Technology - University of Wollongong 1 of 25

1k views • 25 slides
External Authentication with Percona Server for MongoDB and MongoDB Enterprise Jason Terpko DBA

External Authentication with Percona Server for MongoDB and MongoDB Enterprise Jason Terpko DBA

External Authentication with Percona Server for MongoDB and MongoDB Enterprise Jason Terpko DBA @ Rackspace/ObjectRocket linkedin.com/in/jterpko 1 Overview Percona Server For MongoDB o SASL and LDAP o MongoDB Enterprise o Kerberos and

430 views • 25 slides
MongoDB Databases, Collections, Documents Dr Janusz R. Getta School of Computing and Information

MongoDB Databases, Collections, Documents Dr Janusz R. Getta School of Computing and Information

MongoDB Databases, Collections, Documents file:///Users/jrg/235-2020-SPRING/SLIDES/WEEK08/19mongodbdbscolsdocs/19mongodbdbscolsdocs... CSCI235 Database Systems MongoDB Databases, Collections, Documents Dr Janusz R. Getta School of Computing

480 views • 34 slides
MongoDB Building data model with MongoDB and Mongoose MVC Pattern Connect Express app to

MongoDB Building data model with MongoDB and Mongoose MVC Pattern Connect Express app to

MongoDB Building data model with MongoDB and Mongoose MVC Pattern Connect Express app to MongoDB with Mongoose Could use native MongoDB driver, but not easy to work with MongoDB native driver does not offer built-in way of

1.18k views • 27 slides
1. Instillations o https://www.mongodb.com/download-center/community 2. Download and Install

1. Instillations o https://www.mongodb.com/download-center/community 2. Download and Install

1. Instillations o https://www.mongodb.com/download-center/community 2. Download and Install MongoDB community server o Create a separate installation location /directory mongodb (for windows, c:\mongodb) and install your MongoDB in that

568 views • 3 slides
Responding to All Managing Relationships with Key Constituencies Todays Facilitators Jamie

Responding to All Managing Relationships with Key Constituencies Todays Facilitators Jamie

Responding to All Managing Relationships with Key Constituencies Todays Facilitators Jamie LaRue Sharon Morris LaRue &amp; Associates Colorado State Library @jaslar @cslsharon Todays Agenda Introduction &amp; Models Constituencies

479 views • 19 slides
Publicly Verifiable Secret Sharing for Cloud-based Key Management Roy DSouza, David Jao, Ilya

Publicly Verifiable Secret Sharing for Cloud-based Key Management Roy DSouza, David Jao, Ilya

Publicly Verifiable Secret Sharing for Cloud-based Key Management Roy DSouza, David Jao, Ilya Mironov and Omkant Pandey Microsoft Corporation and University of Waterloo December 13, 2011 Overview Motivation: Allow users to store

566 views • 15 slides
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions G. Edward Suh, Charles W. ODonnell, Ishan Sachdev, and Srinivas Devadas Massachusetts Institute of Technology 1 New Security Challenges

356 views • 31 slides
HOPWA Flexibilities Virtual Inspections Webinar August 5, 2020 Presenters From the Cloudburst

HOPWA Flexibilities Virtual Inspections Webinar August 5, 2020 Presenters From the Cloudburst

HOPWA Flexibilities Virtual Inspections Webinar August 5, 2020 Presenters From the Cloudburst Group: Heather Rhoda, Senior Analyst Steve Ellis, Senior Analyst Morgan Stephenson, Analyst From HUDs Office of HIV Housing (OHH), who are

742 views • 33 slides
Technical Webinar SvSAN on KVM &amp; StorSecure 6 June 2019 MAKING THE COMPLEX SIMPLE MAKING THE

Technical Webinar SvSAN on KVM &amp; StorSecure 6 June 2019 MAKING THE COMPLEX SIMPLE MAKING THE

2019 2019 Technical Webinar SvSAN on KVM &amp; StorSecure 6 June 2019 MAKING THE COMPLEX SIMPLE MAKING THE COMPLEX SIMPLE CONFIDENTIAL PRESENTERS &amp; AGENDA BRUCE KORNFELD CMO &amp; GM Americas MARK CHRISTIE Director, Technical Services

589 views • 19 slides
Distributed Key Management For Sensitive Data Joni Hahkala (HIP), John White (HIP), kos Frohner

Distributed Key Management For Sensitive Data Joni Hahkala (HIP), John White (HIP), kos Frohner

Enabling Grids for E-sciencE Distributed Key Management For Sensitive Data Joni Hahkala (HIP), John White (HIP), kos Frohner (CERN) and Kalle Happonen (HIP) ISGC'10, Taipei, Taiwan www.eu-egee.org EGEE-III INFSO- EGEE and gLite are

581 views • 13 slides
NDN-BMS Security: Requirements and Solution Wentao Shang (UCLA) Application scenario

NDN-BMS Security: Requirements and Solution Wentao Shang (UCLA) Application scenario

NDN-BMS Security: Requirements and Solution Wentao Shang (UCLA) Application scenario NDN-BMS collects sensor data from UCLA campus and publishes the data into an NDN repo Multiple users have access to the data Different users have

393 views • 11 slides
Managers and Productivity Differences Nezih Guner, Andrii Parkhomenko and Gustavo Ventura RIDGE,

Managers and Productivity Differences Nezih Guner, Andrii Parkhomenko and Gustavo Ventura RIDGE,

Managers and Productivity Differences Nezih Guner, Andrii Parkhomenko and Gustavo Ventura RIDGE, 2014 Motivation Motivation Understanding cross-country income differences. Motivation Understanding cross-country income differences. Bulk

1.38k views • 91 slides

More recommend