Learn how MongoDB’s field-level encryption capability pairs with Vault’s KMIP secrets engine to help organizations deliver strong privacy and security controls.
Field-level encryption (FLE) allows developers to selectively encrypt specific data fields. It helps protect sensitive data and enhances the security of communication between client apps and the server. Pairing an FLE-capable database with a KMIP provider offers the highest level of security and control.
The Key Management Interoperability Protocol (KMIP) standard is a widely adopted approach to handle cryptographic workloads and secrets management for enterprise infrastructure such as databases, network storage, and virtual and physical servers. HashiCorp Vault, being a KMIP-compliant Key Management Server (KMS), enables organizations to perform cryptographic operations for their apps and services.
With MongoDB releasing client-side field level encryption with KMIP support, customers are now able to use Vault’s KMIP secrets engine to supply the encryption keys. This allows customers to be in full control of their keys.
MongoDB’s drivers encrypt the sensitive fields in your documents before they leave the application. Client-side FLE allows customers to:
The diagram below illustrates the query flow submitted by an authenticated client using FLE:
This example assumes we are retrieving a user’s record by their SSN:
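The SSN lookup above, sketched with PyMongo's explicit encryption API as an added example (not code from HashiCorp or MongoDB). The KMIP endpoint, certificate paths, namespaces and field names are assumptions; deterministic encryption is used because it is what lets the server match an encrypted field by equality.

```python
# Added example. Endpoint, file paths, namespaces and field names are assumptions.
# String value of pymongo.encryption.Algorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic
DETERMINISTIC = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"


def kmip_settings(endpoint, ca_file, client_pem):
    """KMS provider and TLS options that point the driver at a KMIP server."""
    providers = {"kmip": {"endpoint": endpoint}}
    # KMIP uses mutual TLS: the driver presents a client certificate to the KMS.
    tls = {"kmip": {"tlsCAFile": ca_file, "tlsCertificateKeyFile": client_pem}}
    return providers, tls


def open_client_encryption(mongo_uri, key_vault_ns, providers, tls):
    """Connect to MongoDB and build a ClientEncryption bound to the key vault."""
    # Imported here so the helpers below can be exercised without the driver.
    from pymongo import MongoClient
    from pymongo.encryption import ClientEncryption
    client = MongoClient(mongo_uri)
    enc = ClientEncryption(providers, key_vault_ns, client,
                           client.codec_options, kms_tls_options=tls)
    return client, enc


def insert_user(coll, enc, key_id, name, ssn):
    """Encrypt the SSN in the application, then store the document."""
    doc = {"name": name, "ssn": enc.encrypt(ssn, DETERMINISTIC, key_id=key_id)}
    coll.insert_one(doc)
    return doc


def find_by_ssn(coll, enc, key_id, ssn):
    """Query by ciphertext; the server never receives the plaintext SSN."""
    query = {"ssn": enc.encrypt(ssn, DETERMINISTIC, key_id=key_id)}
    doc = coll.find_one(query)
    if doc is not None:
        doc["ssn"] = enc.decrypt(doc["ssn"])  # decrypted client-side only
    return query, doc


if __name__ == "__main__":
    providers, tls = kmip_settings("vault.example.internal:5696",
                                   "ca.pem", "client.pem")
    client, enc = open_client_encryption("mongodb://localhost:27017",
                                         "encryption.__keyVault", providers, tls)
    # Empty master_key asks the KMIP server to create the key that wraps the data key.
    key_id = enc.create_data_key("kmip", master_key={})
    users = client["app"]["users"]
    insert_user(users, enc, key_id, "Ada", "123-45-6789")  # constructed sample
    print(find_by_ssn(users, enc, key_id, "123-45-6789")[1])
```

Running the `__main__` section requires a reachable MongoDB deployment and KMIP server plus PyMongo's encryption extra (`pymongo[encryption]`).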
This is one example of how MongoDB and HashiCorp Vault can help benefit organizations with security management across their databases and applications. We have built many integrations with MongoDB Atlas for database credential rotation and key management to help organizations protect and secure their data infrastructure.
MongoDB Atlas offers built-in security controls for customer data while also enabling enterprise-grade features to integrate with existing security protocols and compliance standards. In addition, Atlas simplifies deploying and managing databases while offering the versatility for developers to build resilient applications.
HashiCorp Vault is an identity-based security solution that leverages trusted sources of identity to keep secrets and application data secure. It provides one centralized workflow for tightly controlling access to secrets across applications, systems, and infrastructure, and for encrypting data both in flight and at rest.
To learn more about how HashiCorp Vault and MongoDB can help your organization navigate through complex security challenges, tune into our virtual talk and session at MongoDB World, June 7-9 in New York City.