1

I have mongoDb database, I want all data to be encrypted, how we can do this by using nodejs. All the key values should be encrypted.

Improve this question
5
  • You can use bcrypt-nodejs package (or bcrypt) Commented Jan 9, 2019 at 5:34
  • This is not a concern with MongoDB. You can encrypt the data before storing it regardless of DB and maintain a master key. Commented Jan 9, 2019 at 5:37
  • @Lex can you please explain how we can do this, I am new to mongoDb, any help will be appreciated Commented Jan 9, 2019 at 5:44
  • @VishalRana take a look at this article lollyrock.com/posts/nodejs-encryption , set up a dummy node project to test it out. Encryption is a two way process that uses a hidden secret key to encode/decode. As long as you know the key you can decrypt. So prior to storing in Mongo encrypt plain text or objects. And when you want to read decrypt Commented Jan 9, 2019 at 5:58
  • 1
    Please verify wether you want the data on rest to be encrypted or the actual values. For the former, there is a plethora of options. Commented Jan 9, 2019 at 7:24

2 Answers 2

Reset to default
2

This is not a concern with MongoDB. You can encrypt the data before storing it regardless of DB and maintain a master key.

Encryption is a two way process that uses a hidden secret key to encrypt/decrypt. As long as you know the master key you can decrypt. So prior to storing in Mongo encrypt plain text or objects. And when you want to read decrypt.

You'll add a performance overhead to encrypt/decrypt all your data. And you'll loose the ability to query data freely. But if it's sensitive user data you're taking the right path. As long as your master KEY is kept secret even if your database is stolen the data is still safe.

Take a look at this article https://lollyrock.com/posts/nodejs-encryption/ , and set up a dummy node project to test it out. Try encrypting and decrypting and print out the output.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

MongoDB Enterprise provides you option to encrypt the database.

You can use Mongoose-encryption package for simple encryption and authentication of mongoose documents.

Improve this answer

2 Comments

I am using Mongoose-encryption, but some of the methods are not working. Like find() is working but findOne() not.
findOne() is expected to work. But,if you had encrypted multiple documents at once,as per documentation, you cannot select individual encrypted fields in a query nor unset or rename encrypted fields via an update operation.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.