Introduction
This document describes the integration of MongoDB with the Entrust KeyControl Vault Management Solution (KMS). Entrust KeyControl Vault can serve as a KMS in MongoDB using the open standard Key Management Interoperability Protocol (KMIP).
Documents to read first
This guide describes how to configure the Entrust KeyControl Vault server as a KMS in MondoDB.
To install and configure the Entrust KeyControl Vault server as a KMIP server, see the Entrust KeyControl Vault nShield HSM Integration Guide. You can access it from the Entrust Document Library and from the nShield Product Documentation website.
Also refer to the MongoDB online documentation.
Requirements
-
Entrust KeyControl Vault version 10.2 or later
An Entrust KeyControl license is required for the installation. You can obtain this license from your Entrust KeyControl Vault and MongoDB account team or through Entrust KeyControl Vault customer support.
-
MongoDB Enterprise Edition 7.0.6 or later
| Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks. |
High-availability considerations
Entrust KeyControl Vault uses an active-active deployment, which provides high-availability capability to manage encryption keys. Entrust recommends this deployment configuration. In an active-active cluster, changes made to any KeyControl node in the cluster are automatically reflected on all nodes in the cluster. For information about Entrust KeyControl, see the Entrust KeyControl Vault Product Overview.
Product configuration
The integration between the MongoDB Enterprise Edition and Entrust KeyControl Vault has been successfully tested in the following configurations:
| Product | Version |
|---|---|
MongoDB Enterprise Edition |
7.0.6 |
Entrust KeyControl Vault |
10.2 |
Red Hat Enterprise Linux 8.9 (Ootpa) |
Kernel: Linux 4.18.0-513.18.1.el8_9.x86_64 |