Learn how MongoDB’s field-level encryption capability pairs with Vault’s KMIP secrets engine to help organizations deliver strong privacy and security controls.
Field level encryption (FLE) allows developers to selectively encrypt specific data fields. It helps protect sensitive data and enhances the security of communication between client apps and server. Pairing an FTE-capable database with a KMIP provider offers the highest level of security and control.
The Key Management Interoperability Protocol (KMIP) standard is a widely adopted approach to handle cryptographic workloads and secrets management for enterprise infrastructure such as databases, network storage, and virtual and physical servers. HashiCorp Vault, being a KMIP compliant Key Management Server (KMS), enables organizations to perform cryptographic operations for their apps and services.
With MongoDB releasing client-side field level encryption with KMIP support, customers are now able to use Vault’s KMIP secrets engine to supply the encryption keys. This allows customers to be in full control of their keys.
MongoDB’s drivers encrypt the sensitive fields in your documents before they leave the application. Client-side FLE allows customers to:
The diagram below illustrates the query flow submitted by an authenticated client using FLE:
This example assumes we are retrieving a user’s record by their SSN number:
This is one example of how MongoDB and HashiCorp Vault can help benefit organizations with security management across their databases and applications. We have built many integrations with MongoDB Atlas for database credential rotation and key management to help organizations protect and secure their data infrastructure.
MongoDB Atlas offers built-in security controls for customer data while also enabling enterprise-grade features to integrate with existing security protocols and compliance standards. In addition, Atlas simplifies deploying and managing databases while offering the versatility for developers to build resilient applications.
HashiCorp Vault is an identity-based sSecurity solution that leverages trusted sources of identity to keep secrets and application data secure with one centralized workflow for tightly controlling access to secrets across applications, systems, and infrastructure and encrypting data both in flight and at rest.
To learn more about how HashiCorp Vault and MongoDB can help your organization navigate through complex security challenges, tune into our virtual talk and session at MongoDB World, June 7-9 in New York City.
Accelerate your adoption of a cloud operating model. Visit us at AWS re:Invent in Las Vegas, Nov. 28 - Dec. 2 for breakout sessions, expert talks, and product demos.
As next-generation 5G begins to take shape, learn about a suite of comprehensive, identity-based security solutions for microservice environments.
Get an overview of the most common ways to use HashiCorp Vault and Kubernetes together, and get a preview of a new method we're considering.