Not the answer you need?
Register and ask your own question!

Verify Encryption

I have implemented encryption using

How to verify whether data is actually encrypted or not. Data size of encrypted/un-encrypted database is exactly same.

Best Answers

  • Akira KuroganeAkira Kurogane Percona Percona Staff Role
    Accepted Answer
    The data size will be roughly the same.

    If it's just that you need to see that the configuration is in effect check the output of the mongo shell command. If the data-at-rest settings are present (security.enableEncryption: true being the main one) it must be in effect - the mongod would have aborted on startup if it couldn't follow those settings.

    And if you look in the for any collection then in the "wiredTiger.creationString" field I believe you will see one of the WiredTiger table options is something about encryption ("encryption=(keyid=identifier)")

    If you don't want to take it on faith that the configuration information is true, then there's a strong practical test you can do. Comment out the the security.* settings for encryption in the mongod.conf file and restart to observe that it cannot recover the data without the encryption keys. Disclaimer: I don't know if this will cause damage or not. I am suggesting it now only because it sounds like you're trying in a dev environment for the first time.



  • samjunctionsamjunction Current User Role Novice
    Thank you for the reply. 
    Any idea how to setup replication with encryption enabled. Right now I only have single instance running.
Sign In or Register to comment.

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.