Docs Menu

Encrypt a Realm - Node.js SDK

On this page

  • Overview
  • Considerations
  • Storing & Reusing Keys
  • Performance Impact
  • Encryption and Realm Sync
  • Accessing an Encrypted Realm from Multiple Process
  • Example

You can encrypt the realm database file on disk with AES-256 + SHA-2 by supplying a 64-byte encryption key when opening a realm.

Realm transparently encrypts and decrypts data with standard AES-256 encryption using the first 256 bits of the given 512-bit encryption key. Realm uses the other 256 bits of the 512-bit encryption key to validate integrity using a hash-based message authentication code (HMAC).

Warning

Do not use cryptographically-weak hashes for realm encryption keys. For optimal security, we recommend generating random rather than derived encryption keys.

You must pass the same encryption key when opening the encrypted realm again. Apps should store the encryption key securely.

Typically, reads and writes on encrypted realms can be up to 10% slower than unencrypted realms.

You can encrypt a synced realm. MongoDB Realm only encrypts the data on the device and stores the data unencrypted in your MongoDB Atlas data source.

Realm forbids opening the same encrypted realm from multiple processes. Attempting to do so will throw the error: "Encrypted interprocess sharing is currently unsupported."

The following code demonstrates how to generate an encryption key and open an encrypted realm:

←  Link User Identities - Node.js SDKQuery Engine - Node.js SDK →
Give Feedback
© 2022 MongoDB, Inc.

About

  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.