Engineering an Encrypted Storage Engine

PublishedJune 2, 2015


Amalia Hawkins, Software Engineer at MongoDB

We're building a storage engine for MongoDB that provides encryption at rest. When we first set out to do this, the questions were many: how do you protect database encryption keys in a distributed environment, where all the code is open source? Can you optimize performance despite the extra steps of encryption and decryption? And most importantly, how do you make the protection mechanisms easy-to-use yet secure? This talk covers the requirements we gathered, the issues we faced, and the design decisions we made. It is aimed at those interested in security, storage engines, and the engineering process.