Docs Home → MongoDB Ops Manager
Encrypted Backup Snapshots
On this page
Snapshot encryption depends upon which
version of MongoDB your database is compatible.
This Feature Compatibility Version ranges from the current version
to one version earlier. For MongoDB 4.2, the FCV can be 4.0
or
4.2
. You can only create encrypted snapshots from encrypted
clusters.
Prerequisites
A host running KMIP-compliant key management to generate and store encryption keys.
Important
You must maintain all keys, even rotated keys, in the KMIP host.
Set up KMIP Host Configuration for Ops Manager
Complete the KMIP fields.
Update the following KMIP host fields in the KMIP Server Configuration section:
Type the FQDN for the KMIP host. | |
Type the port on which the KMIP host is listening for
KMIP connections. The default KMIP port is 5696. | |
Type the absolute path for the Certificate Authority file on the Ops Manager
host. This must be the same Certificate Authority file stored on the
KMIP host. |
Configure Your Project to Use KMIP
Note
All deployments in the project use the same KMIP client certificate file to authenticate.
Complete the KMIP fields.
KMIP client certificate path | Type the absolute path for the client certificate file on the Ops Manager host. Ops Manager uses this certificate to authenticate itself to the KMIP server. A single file can hold both the CA and client certificate. |
KMIP client certificate password | Optional Only enter if the certificate specified in
KMIP client certificate path is encrypted. |