I have successfully encrypted the communication in MongoDB but when I try to enable the data encryption I'm getting errors. I am using the enterprise edition of MongoDB with version 3.2.4. I get the following message in the console:
ERROR: child process failed, exited with error number 14
But when I look at the logs I see the detailed error as follows:
Unable to retrieve key .system, error: there are existing data files, but no valid keystore could be located.
Fatal Assertion 28561
Following is the snippet of my config file:
# enable authentication
security:
  authorization: enabled
  enableEncryption: true
  encryptionKeyFile: /home/test/mongodb-keyfile
It works fine without the enableEncryption and encryptionKeyFile parameters. Could anyone explain what I'm missing here? Thanks!
MongoDB's encrypted storage engine supports two key management options:
Worth mentioning that using a key manager meets regulatory key management guidelines and is recommended over the local key management.
If you are using Key Manager option, please see KMIP Master Key Rotation.
Since you are using the Local Key option, if you have a Replica Set deployment you could rotate the replica set member. This would re-sync data from the un-encrypted to the encrypted mongod.
Alternatively if you only have a standalone mongod, you could:
- mongod process.
- dbpath. Exercise extra caution! - If you are deleting, make sure you have a backup data.
- mongod with --enableEncryption and --encryptionKeyFile.
- mongod.
As an example, you could use mongodump to dump the data, and use mongorestore to restore the dump files.
Lastly, note that MongoDB Enterprise edition is a commercially supported product. I'd suggest opening a support case if you have a Commercial Support subscription.
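The standalone route described in the answer (dump, swap out the dbpath, restart with encryption, restore), as an added example that is not part of the original question or answer. The dbpath, dump directory and log path are assumed values, authentication options are omitted, and the script is assumed to run as the user that owns the mongod data directory.

```shell
#!/bin/sh
# Added example: dump, swap dbpath, restart encrypted, restore.
# Assumed values (not from the original post, apart from the key file path):
DBPATH="${DBPATH:-/var/lib/mongodb}"
KEYFILE="${KEYFILE:-/home/test/mongodb-keyfile}"
DUMPDIR="${DUMPDIR:-/var/backups/mongodump-pre-encryption}"
LOGPATH="${LOGPATH:-/var/log/mongodb/mongod.log}"

# Succeeds only if the directory exists and has no entries. Starting an
# encrypted mongod on leftover data files gives the keystore error quoted above.
dbpath_is_empty() {
    [ -d "$1" ] && [ -z "$(ls -A "$1")" ]
}

# Succeeds only if the key file is a non-empty regular file readable by its
# owner alone (mode 600 or 400); this is the hygiene check this example chooses.
keyfile_is_private() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

migrate_to_encrypted() {
    keyfile_is_private "$KEYFILE" || { echo "fix key file: $KEYFILE" >&2; return 1; }
    # 1. Dump from the running, unencrypted mongod (add -u/-p if auth is on).
    mongodump --out "$DUMPDIR" || return 1
    # 2. Stop the mongod process (--shutdown is available on Linux only).
    mongod --dbpath "$DBPATH" --shutdown || return 1
    # 3. Move the old data aside instead of deleting it, then recreate dbpath.
    mv "$DBPATH" "$DBPATH.unencrypted" || return 1
    mkdir -m 700 "$DBPATH" || return 1
    dbpath_is_empty "$DBPATH" || { echo "dbpath not empty" >&2; return 1; }
    # 4. Start mongod with encryption on the empty dbpath.
    mongod --dbpath "$DBPATH" --enableEncryption --encryptionKeyFile "$KEYFILE" \
        --fork --logpath "$LOGPATH" || return 1
    # 5. Restore the dump into the encrypted instance.
    mongorestore "$DUMPDIR"
}

# Run only when asked explicitly: sh migrate.sh run
if [ "${1:-}" = "run" ]; then
    migrate_to_encrypted
fi
```

Keeping the old directory as `$DBPATH.unencrypted` leaves a rollback path; remove it only after the restored data has been verified, since it still holds the plaintext data files.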