MongoDB Enterprise Encryption and Key Management
MongoDB Enterprise eliminates the overhead of file and folder-based encryption solutions by providing encryption support directly in the database engine. For encryption key management MongoDB recommends the use of an external encryption key management solution like Alliance Key Manager for MongoDB.
MongoDB customers can deploy Alliance Key Manager and install the PKI certificates on the database server to easily begin retrieving encryption keys. Using native command line operations, users can generate a master encryption key and encrypt database keys with Alliance Key Manager for MongoDB.
Never Lose Access to Encrypted Data
Alliance Key Manager mirrors keys between multiple load-balanced key management appliances over a secure and mutually authenticated TLS connection for hot backup and disaster recovery support.
Complete Audit Trail
Built in logging allows administrators to track all key retrieval, key management, and system activity. Reports can be sent automatically to central log management, alerting facilities, or SIEM products for a timely and permanent record of activity.
Meet Compliance Requirements
By easily deploying encryption and key management, MongoDB customers can meet a wide variety of compliance regulations including PCI DSS, HIPAA, FISMA, EU General Data Protection Regulation, and many others.
In addition to providing keys for MongoDB, Alliance Key Manager can also provide support for any number of databases (SQL Server, MySQL, etc.) without additional license fees. This provides businesses with a predictable total cost of ownership.
The Platform You Are On
MongoDB customers can deploy Alliance Key Manager as a hardware security module (HSM), VMware virtual machine, or in the cloud as a native Amazon Web Services (AWS) EC2 instance or Microsoft Azure virtual machine. Alliance Key Manager supports seamless migration and hybrid implementations.
Supports IBM Power Linux and Intel Architectures
The MongoDB encryption support is built directly into the MongoDB database which means that customers do not need to deploy third party encryption solutions to protect data. Encryption key management is implemented through a native MongoDB interface that uses the Key Management Interoperability Protocol (KMIP) for key management. With a few commands MongoDB customers on both Power and Intel architectures can deploy proper key management using Alliance Key Manager. Since there are not license fees for the client-side implementation MongoDB customers can deploy one key server implementation to serve multiple databases without escalating costs for compliance.