Comments on: Using Vault to Store the Master Key for Data at Rest Encryption on Percona Server for MongoDB
https://www.percona.com/blog/using-vault-to-store-the-master-key-for-data-at-rest-encryption-on-percona-server-for-mongodb/

By: Michal Nosek (Thu, 11 Mar 2021 15:43:55 +0000)
https://www.percona.com/blog/using-vault-to-store-the-master-key-for-data-at-rest-encryption-on-percona-server-for-mongodb/#comment-10973069

Thank you, Craig, for the valuable input! Our intention was to keep it as simple as possible – to provide the setup for testing this feature. There are probably also many other points worth considering when configuring it for a production workload.

By: Craig Alsop (Mon, 01 Feb 2021 17:01:03 +0000)
https://www.percona.com/blog/using-vault-to-store-the-master-key-for-data-at-rest-encryption-on-percona-server-for-mongodb/#comment-10972997

Thanks Jaime and Michal for your informative article. I do have a comment regarding the Vault token creation however – if you use the above commands, you will end up with a token that will expire in 768h that cannot be renewed.
I suggest something like:
# vault token create -period=768h -renewable -policy=mongodb-policy
You will then be able to periodically renew the token (so long as it hasn’t expired) by a curl command like:
# curl -s --header "X-Vault-Token: s.cFy5NxA72Wk7VhVH45VJ4Rib" --request POST https://192.168.0.114:8200/v1/auth/token/renew-self
You could alternatively renew using the accessor token.

By: sv (Mon, 18 May 2020 14:32:42 +0000)
https://www.percona.com/blog/using-vault-to-store-the-master-key-for-data-at-rest-encryption-on-percona-server-for-mongodb/#comment-10972241

Fatal Assertion 50944 at src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp 1073
I am getting this one.
