- API >
- Public API Resources >
- Backup and Restore >
- Backup Encryption Keys
Backup Encryption Keys¶
On this page
Overview¶
MongoDB 3.4 Enterprise enables administrators to encrypt backups. Administrators must integrate with a KMIP server to generate and manage a master key used to encrypt the head databases during a backup operation. MongoDB recommends periodically rotating the KMIP master key for increased security.
Endpoints¶
Rotate the KMIP Master Key¶
Use the PUT
HTTP method with the following
endpoint to rotate the KMIP master key. Issue one PUT
request
for each shard and another PUT
request for the config server
replica set.
Retrieve the KMIP Master Key ID¶
Use the GET
HTTP method with the same endpoint to retrieve the ID of the
current KMIP master key.
Sample Entity¶
Entity Fields¶
Name | Type | Description |
---|---|---|
groupId |
string | ID of the group that the encryption key belong to. |
clusterId |
string | ID of the cluster that tthe encryption keys belong to. |
encryptionKeyUUID |
string | The ID of the KMIP master key. This key is used to encrypt and restore the head databases for an encrypted backup. |
Links¶
Relation | Description |
---|---|
self |
Me |
http://mms.mongodb.com/cluster |
The cluster that owns the backup configuration. |
http://mms.mongodb.com/group |
The group that owns the cluster. |