Greetings -
I am trying to run the docker Percona Server for MongoDB with at-rest encryption enabled with a local key file as follows:
docker run --rm --name percona --user root:root -v ./datadir:/data/db -v ./percona_key:/tmp/percona_key percona/percona-server-mongodb:6.0 --enableEncryption --encryptionKeyFile /tmp/percona_key
For security reasons, I want my encryptionKeyFile to be owned by root:
ls -l percona_key
-rw------- 1 root root 45 Sep 28 08:02 percona_key
However, this seems to cause the container grief as I see this error message in the log:
Data-at-Rest Encryption Error",“attr”:{“error”:{“what”:“Can’t create encryption key database”,“reason”:{“what”:“key reading failed”,“reason”:“reading the master key from the encryption key file failed: cannot open specified encryption key file: /tmp/percona_key”},“encryptionKeyDatabaseDirectory”:"/data/db/key.db
If I were to run the container without encryption, I am indeed able execute a shell in the container and cat the contents of /tmp/percona_key successfully:
docker run --rm --name percona --user root:root -v ./datadir:/data/db -v ./percona_key:/tmp/percona_key percona/percona-server-mongodb:6.0
docker exec -i percona cat /tmp/percona_key
xIaMJL26yLFZR6gES3mPTf5GZX7EStQ+qXbh9hDk6GA=
So, is it possible to have root own the key file with the container and if so how?