Wiredtiger storage engine to use apis to encrypt / decrypt data at rest?

Does wiredtiger has a capability to encrypt / descrypt data at rest using apis that my enterprise exposes ?
Or may be calling HSM ?

Hi @Vidyasagar_Gayakwad welcome to the community!

In short, no. WiredTiger can encrypt data at rest natively (i.e. not configurable for calling an API) but this feature is limited to the MongoDB Enterprise Server, which requires the Enterprise Advanced subscription.

Alternatively, you can use Client-Side Field Level Encryption that works with MongoDB Community Server. The only difference between Community & Enterprise editions is that the Enterprise edition allows you to use automatic encryption:

  • Automatic Encryption: Enables you to perform encrypted read and write operations without you having to write code to specify how to encrypt fields.
  • Explicit Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver’s encryption library. You must specify the logic for encryption with this library throughout your application.

Otherwise both editions are equally secure.

If you can use Atlas, it provides encryption-at-rest by default, and you can also manage your own keys to do so.

Best regards
Kevin

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.