Reputation: 639
I have been reading about the data encryption at rest feature in MongoDB. I understand that plain text data is encrypted using a database key and is stored on disk. Let's say any DBA connects to the database and executes a query to retrieve the data from the DB. Will this data be in decrypted form? Is there any restriction imposed on such operations where the DBA is prompted to enter the key?
Upvotes: 1
Views: 101
Reputation: 42615
The "Encrypted Storage Engine" of Mongo encrypts data only on file level. This means it is encrypted when written into a database storage file and decrypted when it is read.
On database level (and on transport level) the data is again plain. Therefore any DBA will not see a difference whether the database is encrypted or not.
This type of encryption is designed to prevent data theft/leakage when someone manages to access the file-system data (or a backup of it) where your Mongo server stores the database files.
What you are looking for is an "Application Level Encryption" solution. Usually such a solution will be integrated into your "database client application" (from the perspective of the Mongo Server).
Upvotes: 1
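The application-level approach named in the answer above, as an added example that is not part of the original answer: the client encrypts a sensitive field with AES-256-GCM before the document reaches the server, so a query by a DBA returns only ciphertext. The helper names, the sample record and the locally generated key are assumptions for illustration; no database connection is made.

```javascript
// Added example: client-side (application-level) field encryption, Node.js built-ins only.
const nodeCrypto = require("node:crypto");

// Assumption: in production the key comes from a KMS or secret store that DBAs cannot read.
const fieldKey = nodeCrypto.randomBytes(32); // AES-256 key, generated here for the demo

// Encrypt one field value. The document id and field name are bound as AAD so a
// ciphertext cannot be copied into another field or document without detection.
function encryptField(key, docId, fieldName, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(`${docId}:${fieldName}`, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv: iv.toString("base64"), ct: ct.toString("base64"),
           tag: cipher.getAuthTag().toString("base64") };
}

// Decrypt a field; throws if the key, the AAD binding or the ciphertext is wrong.
function decryptField(key, docId, fieldName, enc) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(enc.iv, "base64"));
  decipher.setAAD(Buffer.from(`${docId}:${fieldName}`, "utf8"));
  decipher.setAuthTag(Buffer.from(enc.tag, "base64"));
  const pt = Buffer.concat([decipher.update(Buffer.from(enc.ct, "base64")), decipher.final()]);
  return pt.toString("utf8");
}

// Constructed sample record; "ssn" is the sensitive field.
function buildStoredDocument(key) {
  const doc = { _id: "patient-1001", name: "Alice Example" };
  doc.ssn = encryptField(key, doc._id, "ssn", "123-45-6789");
  return doc; // this object is what the application would pass to insertOne()
}

const stored = buildStoredDocument(fieldKey);
console.log("What a DBA's find() returns:", JSON.stringify(stored));
console.log("What the application sees:", decryptField(fieldKey, stored._id, "ssn", stored.ssn));
```

Fields encrypted this way cannot be searched or indexed by their plaintext value on the server, which is the trade-off against the storage-engine encryption described in the answer.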