user2702700

Reputation: 639

Will MongoDB restrict DBA from accessing encrypted data if encryption is enabled?

I have been reading about the data encryption at rest feature in MongoDB. I understand that plain-text data is encrypted using a database key and stored on disk. Let's say a DBA connects to the database and executes a query to retrieve data from the DB. Will this data be in decrypted form? Is there any restriction imposed on such operations, where the DBA is prompted to enter the key?

Upvotes: 1

Views: 101

Answers (1)

Robert

Reputation: 42615

The "Encrypted Storage Engine" of Mongo encrypts data only on file level. This means it is encrypted when written into a database storage file and decrypted when it is read.

On database level (and on transport level) the data is again plain. Therefore any DBA will not see a difference whether the database is encrypted or not.

This type of encryption is designed to prevent data theft/leakage when someone manages to access the file-system data (or a backup of it) where your Mongo server stores the database files.

What you are looking for is an "Application Level Encryption" solution. Usually such a solution will be integrated into your "database client application" (from the perspective of the Mongo Server).

Upvotes: 1
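
The difference the answer describes, as an added example that is not part of the original answer: the client encrypts a field before storing it, so a reader on the database side gets ciphertext while the application, which holds the key, gets plaintext. The in-memory `Map` standing in for a collection, the function names and the sample records are assumptions made for illustration; no MongoDB driver or server is involved.

```javascript
// Added example: application-level field encryption in the client.
// The Map stands in for a MongoDB collection; no driver or server is used.
const crypto = require("node:crypto");

// Constructed key for the demo. Assumption: in production it comes from a
// KMS or secret store that database administrators cannot read.
const fieldKey = crypto.randomBytes(32);

// Encrypt one field with AES-256-GCM, binding it to the document _id and
// field name (AAD) so a ciphertext cannot be moved to another document.
function encryptField(key, docId, field, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per value
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(`${docId}:${field}`));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptField(key, docId, field, stored) {
  const raw = Buffer.from(stored, "base64"); // layout: iv(12) | tag(16) | ct
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${docId}:${field}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, the AAD or the ciphertext does not match.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Client side: encrypt before the document leaves the application.
const collection = new Map();
function insertPatient(id, name, ssn) {
  collection.set(id, { _id: id, name, ssn: encryptField(fieldKey, id, "ssn", ssn) });
}

// What any server-side reader (a DBA included) gets back: the stored document.
function dbaFind(id) {
  return collection.get(id);
}

// What the application gets back: the same document, decrypted with its key.
function appFind(id) {
  const doc = collection.get(id);
  return { ...doc, ssn: decryptField(fieldKey, id, "ssn", doc.ssn) };
}

insertPatient(1, "Alice", "123-45-6789"); // constructed sample records
insertPatient(2, "Bob", "987-65-4321");
console.log("DBA view:", dbaFind(1));
console.log("App view:", appFind(1));
```

Fields encrypted this way cannot be searched or indexed by value on the server, which is the trade-off against storage-level encryption.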
