Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13594

Support for encrypted backups

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Admin, Security
    • None
    • Fully Compatible

    Description

      When performing a backup/restore using mongodump/mongorestore it should be possible to specify a password protecting the backup.

      Suggested implementation:
      1. The user inputs a password to the mongodump tool.
      2. A random salt is created.
      3. The password is hashed with the salt using PBKDF2 to generate an AES-256 key.
      4. The file is encrypted using AES-256 in CBC mode.
      5. The salt and the CBC IV is stored in a file header to retrieve for decryption.

      Things to consider are which encryption library (if any) to use in mongodump/mongorestore

      Attachments

        Activity

          People

            Unassigned Unassigned
            andreas.nilsson Andreas Nilsson
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: