Hi,
I have been trying to implement CSFLE for our application and have been getting various issues during the implementation. Most of the issues are solved, thanks to this community forum and other knowledge articles on Stack Overflow; however, I got stuck with this issue without any luck from any existing articles.
At first, I tried with a POC project, which uses the deb bullseye-slim distribution; there, the following code works fine to download and install the `mongodb-enterprise-cryptd` package, which works for both explicit encryption and automatic encryption:
```dockerfile
RUN apt-get update && apt-get install -y sudo \
    nano \
    gnupg \
    wget \
    libc6-dev \
    curl
RUN curl -fsSL https://pgp.mongodb.com/server-6.0.asc | \
    sudo gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg \
    --dearmor
RUN echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.com/apt/debian bullseye/mongodb-enterprise/6.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-enterprise.list
RUN sudo apt-get update
RUN sudo apt-get install -y mongodb-enterprise-cryptd
```
However, my organization uses the Alpine distribution, hence the above process didn’t work in Alpine. (Question: is it possible to use a similar process in Alpine now?)
Thus, I used the `libmongocrypt` library by building it from source, as mentioned here: GitHub - mongodb/libmongocrypt: Required C library for Client Side and Queryable Encryption in MongoDB
This has worked fine for explicit encryption; however, as soon as I started using automatic encryption with an encryption schema, I started seeing the following exception:
```
MongoDB.Driver.MongoClientException: Exception starting mongocryptd process. Is mongocryptd on the system path?
```
I understand that the way forward is to use `mongocryptd` or, as per the latest recommendation, the `crypt_shared` library for automatic encryption.
I couldn’t download and install either in my Alpine docker image.
I came across this feature request to add `mongocryptd` for Alpine: https://jira.mongodb.org/browse/SERVER-49140, where the resolution indicates `Won't Fix`, so I am not sure if there is an alternate way to install that in Alpine. If yes, please point me toward that documentation.
Next, I tried downloading the `crypt_shared` library and adding it to my docker image, and used the `extraOptions` param to pass the path of the library, but I am still getting the same error:
```
MongoDB.Driver.MongoClientException: Exception starting mongocryptd process. Is mongocryptd on the system path?
```
I am adding the shared lib in my docker like this:
```dockerfile
# Create folder for MongoShared Library
RUN mkdir -p /MyAppName/MongoShared
# Copy files
# Here the /src/resources folder contains the mongo_crypt_v1.so file
ADD /src/resources ./MyAppName/MongoShared
```
Then used the `extraOptions` like below:
```csharp
Dictionary<string, object> extraOptions = new Dictionary<string, object>
{
    {
        "cryptSharedLibPath", "/MyAppName/MongoShared"
    }
};
autoEncryptionOptions = new AutoEncryptionOptions(
    keyVaultNamespace: mongoDbEncryptionOptions.KeyVaultNamespace,
    kmsProviders: mongoDbEncryptionOptions.KmsProviders(provider),
    schemaMap: schemaMap,
    extraOptions: extraOptions
);
```
Any help in this matter would be greatly appreciated.
Thanks in advance!
Regards,
UB