From 2b4bc4afc6b04c892b633ac3025dba5ea817cf75 Mon Sep 17 00:00:00 2001 From: Steve Renaker Date: Tue, 1 Nov 2016 15:13:13 -0700 Subject: [PATCH] DOCS-8760: Document "--kmipPort" for encrypted storage engine usage --- source/tutorial/configure-encryption.txt | 54 ++++++++++++------------ 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/source/tutorial/configure-encryption.txt b/source/tutorial/configure-encryption.txt index 8945a1c5a4e..751f8260f33 100644 --- a/source/tutorial/configure-encryption.txt +++ b/source/tutorial/configure-encryption.txt @@ -73,24 +73,24 @@ Encrypt Using a New Key To create a new key, connect :program:`mongod` to the key manager by starting :program:`mongod` with the following options: -- ``--enableEncryption``, +- :option:`--enableEncryption` +- :option:`--kmipServerName` +- :option:`--kmipPort` +- :option:`--kmipServerCAFile` +- :option:`--kmipClientCertificateFile` -- ``--kmipServerName ``, - -- ``--kmipServerCAFile ``, and - -- ``--kmipClientCertificateFile ``. - -Include any other options specific to your configuration. +Include any other options specific to your +:program:`mongod` configuration. .. code-block:: sh mongod --enableEncryption --kmipServerName \ - --kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem + --kmipPort --kmipServerCAFile ca.pem \ + --kmipClientCertificateFile client.pem -This operation creates a new master key in your key manager for use by -the :program:`mongod` to wrap the keys :program:`mongod` generates for -each database. +This operation creates a new master key in your key manager which +:program:`mongod` uses to encrypt the keys :program:`mongod` generates +for each database. To verify that the key creation and usage was successful, check the log file. If successful, the process will log the following messages: 
@@ -107,33 +107,31 @@ file. If successful, the process will log the following messages: Encrypt Using an Existing Key ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -You can use an existing master key created and managed by your KMIP. To -use an existing key, connect :program:`mongod` to the key manager by -starting :program:`mongod` with the following options: - -- ``--enableEncryption``, - -- ``--kmipServerName ``, - -- ``--kmipClientCertificateFile ``, and +You can use an existing master key your KMIP server created and +manages. To use an existing key, connect :program:`mongod` to the +key manager by starting :program:`mongod` with the following options: -- ``--kmipKeyIdentifier ``. +- :option:`--enableEncryption` +- :option:`--kmipServerName` +- :option:`--kmipPort` +- :option:`--kmipServerCAFile` +- :option:`--kmipClientCertificateFile` +- :option:`--kmipKeyIdentifier` -Include any other options specific to your configuration. +Include any other options specific to your +:program:`mongod` configuration. .. code-block:: sh mongod --enableEncryption --kmipServerName \ - --kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem \ - --kmipKeyIdentifier + --kmipPort --kmipServerCAFile ca.pem \ + --kmipClientCertificateFile client.pem --kmipKeyIdentifier .. important:: If data is already encrypted with a key, you must specify that key's ```` for the ``--kmipKeyIdentifier`` option. Otherwise, MongoDB - will not start and log an error. + does not start and logs an error. .. seealso:: :ref:`encryption-key-management-options`
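
Review bot: In the first hunk (Encrypt Using a New Key), the added ``--kmipPort`` list entry and the example line ``--kmipPort --kmipServerCAFile ca.pem \`` do not say what value the option takes, whether it is required, or what port :program:`mongod` uses when it is omitted. The converted :option: entries also list every option without its argument, so the list alone no longer shows which ones need a value. Suggest adding one sentence after the list that states the expected argument for ``--kmipPort`` and the behaviour when it is left out, and making sure each option in the ``sh`` example is followed by a placeholder value. Separately, the reworded sentence replaces "wrap the keys" with "encrypt the keys"; if the key-wrapping terminology is used elsewhere in the encryption docs, keep the wording consistent with those pages.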
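
Review bot: In the second hunk (Encrypt Using an Existing Key), the ``.. important::`` block still writes ``--kmipKeyIdentifier`` as a plain literal while the options list above it was converted to :option:`--kmipKeyIdentifier`, so the option is cross-referenced in one place and not in the other. Suggest using the :option: role in the important block as well. In the reflowed example, ``--kmipKeyIdentifier`` now closes the last line; confirm its identifier placeholder stays on that same line so the option and its value are not split when the command is copied. The list now also names ``--kmipServerCAFile``, which the old list omitted although the old example used it; a short note in the commit message that this is a correction, not only a ``--kmipPort`` addition, would help later readers of the history.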