Data at rest encryption - Percona Operator for MongoDB

anon17965173 · January 21, 2023, 3:38pm

According to Data at rest encryption - Percona Operator for MongoDB I can set my encryption secret as a Kubernetes secrets file.

But what name must the stored Key be called the docs don’t tell.

Getting:

{"t":{"$date":"2023-01-21T16:15:35.362+00:00"},"s":"E",  "c":"STORAGE",  "id":29038,   "ctx":"initandlisten","msg":"Exception in EncryptionKeyDB::init: {e}","attr":{"e":"cannot read stats of encryption key file: /etc/mongodb-encryption/encryption-key: No such file or directory"}}
{"t":{"$date":"2023-01-21T16:15:35.362+00:00"},"s":"E",  "c":"CONTROL",  "id":20558,   "ctx":"initandlisten","msg":"std::exception in initAndListen, terminating","attr":{"error":"cannot read stats of encryption key file: /etc/mongodb-encryption/encryption-key: No such file or directory"}}

Thanks for looking into this and updating docs.

anon17965173 · January 21, 2023, 4:28pm

Ok, key name seems to be:

encryption-key in the secrets file.

It expects a base64 encoded value and the you can create --from-literal to let it be encoded another time as usual by kubectl.

PRs needed for docs and helm chart Readme file.

Topic		Replies	Views
Encryption at rest with Percona MongoDB backups Percona Backup for MongoDB	3	1082	June 14, 2021
Percona MongoDB with vault Percona Server for MongoDB	20	3101	July 3, 2023
Full customization of deployment with kubernetes Percona Operator for MongoDB	2	587	May 20, 2022
Percona MongoDB with vault in ubuntu Percona Server for MongoDB percona	5	1452	April 12, 2021
Hashicorp vault for mongoDB operator on EKS Percona Operator for MongoDB kubernetes	3	703	September 27, 2021

Data at rest encryption - Percona Operator for MongoDB

Related Topics