Can I configure encrypt at rest with a key per individual database?

I would like to encrypt at rest using a different key per database. Is that possible with Atlas? Is it possible with Mongo in general? I know how to do it on the project level in Atlas but I don’t see an option at the database level.

Hello Jackie_Gleason,

Atlas’ Encryption at Rest using Customer Key Management feature today already encrypts each database with a unique key. For each of your projects, you specify a KMS key to be used as a top level encryption key. That top level encryption key protects the lower level Data Encryption Keys that are used to encrypt your databases. Those Data Encryption Keys are unique per database and Atlas takes care of their creation. So you have a unique key per database, protected by a top level key that you specify and manage in your chosen Key Management Service. In the Atlas Security Whitepaper there is a great diagram under the “Encryption Key Management” section explaining the encryption key hierarchy, along with a wealth of information about all of the security measures Atlas uses to protect your data - which you can download at Security | MongoDB (toward the bottom of the page). Hopefully that answers your question.

Cynthia

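The key hierarchy described in the answer above, as an added example that is not part of the original thread and is not Atlas code: a generic envelope-encryption sketch using the Python `cryptography` package, in which one top-level key wraps a separate Data Encryption Key per database. The `ProjectKeyStore` class, the database names and the locally generated key standing in for the KMS key are all assumptions; the example also goes slightly beyond the answer by checking that ciphertext from one database is rejected under another database's key and that the wrapped keys cannot be unwrapped with a different top-level key.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import InvalidUnwrap, aes_key_unwrap, aes_key_wrap


class ProjectKeyStore:
    """Hypothetical model: one top-level key per project, one DEK per database."""

    def __init__(self, top_level_key, wrapped_deks=None):
        self._kek = top_level_key  # assumption: stands in for the customer's KMS key
        self.wrapped_deks = dict(wrapped_deks or {})  # database name -> wrapped DEK

    def _dek(self, db):
        # Create the DEK on first use; only its wrapped form is kept in the store.
        if db not in self.wrapped_deks:
            dek = AESGCM.generate_key(bit_length=256)
            self.wrapped_deks[db] = aes_key_wrap(self._kek, dek)
        return aes_key_unwrap(self._kek, self.wrapped_deks[db])

    def encrypt(self, db, plaintext):
        nonce = os.urandom(12)
        # The database name is bound in as associated data.
        return nonce + AESGCM(self._dek(db)).encrypt(nonce, plaintext, db.encode())

    def decrypt(self, db, blob):
        return AESGCM(self._dek(db)).decrypt(blob[:12], blob[12:], db.encode())


def demo():
    record = b"constructed sample record"
    store = ProjectKeyStore(os.urandom(32))
    blob = store.encrypt("orders", record)
    store.encrypt("billing", b"another constructed record")
    results = {
        "round_trip": store.decrypt("orders", blob) == record,
        "distinct_deks": store._dek("orders") != store._dek("billing"),
    }
    try:  # ciphertext from one database, decrypted with another database's DEK
        store.decrypt("billing", blob)
        results["cross_db_rejected"] = False
    except InvalidTag:
        results["cross_db_rejected"] = True
    try:  # same wrapped DEKs, but a different top-level key
        ProjectKeyStore(os.urandom(32), store.wrapped_deks).decrypt("orders", blob)
        results["wrong_top_key_rejected"] = False
    except InvalidUnwrap:
        results["wrong_top_key_rejected"] = True
    return results
```
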
