Version: 13.x (Current)

MongoDB Configurations and Encryption

MongoDB Configuration

As mentioned in the General Settings page, Mia-Platform Console only needs a connection string to connect to MongoDB; provide it through the configurations.mongodbUrl value.

Cluster size

The MongoDB Cluster size can be shaped according to the number of Projects managed within Mia-Platform Console. However, a Cluster with 10GB of storage is enough to manage up to 1000 Projects.

MongoDB Encryption

Mia-Platform Console can interact with MongoDB using Client-Side Field Level Encryption (CSFLE).

To enable this feature, you need access to a KMS and must provide the configurations described below.

danger

Client-Side Field Level Encryption (CSFLE) is only available with a MongoDB Enterprise license. With the Community license, encryption is not enforced, so the fields are stored in plain text.

Not enabling CSFLE in an on-premise Console installation is considered a bad security practice and should be avoided.

To activate encryption, use the crudEncryption value inside the configurations object.

CRUD Encryption

| Name | Type | Description | Default | Optional |
|------|------|-------------|---------|----------|
| kmsProvider | string | KMS provider id (gcp or local) | | |
| keyVaultNamespace | string | Key vault name in the format dbName.collectionName | | |
| gcpConfig | object | Configuration for the GCP KMS (use this when kmsProvider is gcp) | | |
| localConfig | object | Configuration for the Local KMS (use this when kmsProvider is local). This configuration is not recommended for production environments | | |

KMS GCP Configuration

| Name | Type | Description | Default | Optional |
|------|------|-------------|---------|----------|
| email | string | The email defined by the GCP KMS | | |
| projectId | string | The projectId defined by the GCP KMS | | |
| location | string | The location defined by the GCP KMS | | |
| keyRing | string | The keyRing defined by the GCP KMS | | |
| keyName | string | The keyName defined by the GCP KMS | | |
| privateKey | string | The privateKey defined by the GCP KMS | | |

Local KMS Configuration

| Name | Type | Description | Default | Optional |
|------|------|-------------|---------|----------|
| masterKey | string | The master key value used for encryption | | |

To generate the master key, check out the official documentation page.

Examples

mia-console:
  configurations:
    # ...
    crudEncryption:
      keyVaultNamespace: 'dbname.collectionname'
      kmsProvider: 'gcp'
      gcpConfig:
        email: 'kms-gcp-email'
        projectId: 'kms-gcp-projectid'
        location: 'kms-gcp-location'
        keyRing: 'kms-gcp-keyring'
        keyName: 'kms-gcp-keyname'
        privateKey: 'THE\nPRIVATE\nKEY'
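
A pre-deployment check for the crudEncryption block described above, as an added example that is not part of Mia-Platform's own code or documentation. The field names come from the tables on this page; the function name, the production flag and the sample values are assumptions made for the illustration, and the configurations object is passed in as an already-parsed dictionary.

```python
# Added example: lint for the crudEncryption block documented on this page.
# Field names come from the tables above; the function name, the `production`
# flag and the sample values are assumptions made for this illustration.

GCP_FIELDS = ("email", "projectId", "location", "keyRing", "keyName", "privateKey")


def lint_crud_encryption(configurations, production=True):
    """Return a list of findings; an empty list means the block is complete."""
    enc = configurations.get("crudEncryption")
    if not isinstance(enc, dict):
        return ["crudEncryption missing: CSFLE is not enabled"]

    findings = []
    # keyVaultNamespace must be dbName.collectionName (split on the first dot).
    db, dot, coll = str(enc.get("keyVaultNamespace", "")).partition(".")
    if not (db and dot and coll):
        findings.append("keyVaultNamespace must be dbName.collectionName")

    provider = enc.get("kmsProvider")
    if provider == "gcp":
        gcp = enc.get("gcpConfig")
        gcp = gcp if isinstance(gcp, dict) else {}
        missing = [f for f in GCP_FIELDS if not gcp.get(f)]
        if missing:
            findings.append("gcpConfig missing: " + ", ".join(missing))
    elif provider == "local":
        local = enc.get("localConfig")
        local = local if isinstance(local, dict) else {}
        if not local.get("masterKey"):
            findings.append("localConfig missing: masterKey")
        if production:
            findings.append("local KMS is not recommended for production")
    else:
        findings.append("kmsProvider must be 'gcp' or 'local'")
    return findings


# Constructed sample values, not real credentials.
GOOD = {"crudEncryption": {
    "keyVaultNamespace": "console.keyvault", "kmsProvider": "gcp",
    "gcpConfig": {f: "sample-" + f for f in GCP_FIELDS}}}
BAD = {"crudEncryption": {
    "keyVaultNamespace": "keyvault", "kmsProvider": "local",
    "localConfig": {"masterKey": "sample-master-key"}}}

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD), ("absent", {})):
        print(name, lint_crud_encryption(cfg) or "ok")
```

Running the check in a deployment pipeline before the values file is applied catches an installation that would otherwise start without CSFLE or with the local KMS in production.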