Encrypting data at rest

chafey · March 18, 2015, 1:20pm

Hello All,

One of the requirements I need to fulfill is encrypting data at rest. Volume based encryption is not enough for our requirements as it does not prevent someone from accessing the data by obtaining access to the system through another means (e.g. zero day exploit of the OS). MongoDB does not currently support transparent encryption but there are several roadmap items that state that such functionality is “planned but not scheduled”:

https://jira.mongodb.org/browse/SERVER-9008?jql=text%20~%20"encryption"

I wanted to check with the forum and see if anyone has any ideas on how to meet these requirements using Meteor. I know there are third party products which can encrypt specific data files / volumes and only grant access to specific processes:

http://www-03.ibm.com/software/products/en/infosphere-guardium-data-encryption

The other approach is to do the encryption/decryption in the application layer itself or perhaps through a framework extension like collection hooks.

Any thoughts or feedback would be appreciated. Thanks!

Chris

vjau · March 18, 2015, 1:34pm

https://css.csail.mit.edu/mylar/

michaelcole · September 11, 2015, 10:06pm

Hey, there’s a couple ways to do this. Not sure how to plug it into Meteor’s collections though…

Here’s some links:

https://www.compose.io/articles/encrypting-sensitive-data-in-your-mongodb-database/

Here’s a DB layer API that’s in dev for Mongo 3.2:

http://docs.mongodb.org/master/release-notes/3.1-dev-series/#encrypted-storage-engine

Here’s a plugin for Mongoose (MongoDB ODM ) that does App level encryption:

github.com

joegoldbeck/mongoose-encryption/blob/master/index.js

'use strict';

module.exports = require('./lib/plugins/mongoose-encryption');
module.exports.encryptedChildren = require('./lib/plugins/encrypted-children.js');
module.exports.migrations = require('./lib/plugins/migrations.js');