Bundle: Encryption

The encryption bundle introduces data encryption to RavenDB. By default it uses AES-128 encryption algorithm, but this can be easily changed if needed. Encryption is fully transparent for the end-user, it applies to all documents and in default configuration to all indexes as well.

Configuration

If you want to setup new database with encryption bundle using the Studio, then please refer to this page.

Three possible configuration options are:
* Raven/Encryption/Algorithm with AssemblyQualifiedName as a value. Additionally provided type must be a subclass of SymmetricAlgorithm from System.Security.Cryptography namespace and must not be an abstract class
* Raven/Encryption/Key a key used for encryption purposes with minimum length of 8 characters, base64 encoded
* Raven/Encryption/EncryptIndexes Boolean value indicating if the indexes should be encrypted. Default: true

Global configuration

All configuration settings can be setup server-wide by adding them to server configuration file.

Database configuration

All settings can be overridden per database during the database creation process.

store.DatabaseCommands.CreateDatabase(new DatabaseDocument
    {
        Id = "EncryptedDB",
        // Other configuration options omitted for simplicity
        Settings =
            {
                // ...
                {"Raven/ActiveBundles", "Encryption"},
                {"Raven/Encryption/Algorithm", "System.Security.Cryptography.DESCryptoServiceProvider, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
            },
        SecuredSettings =
             {
                 // ...
                 {"Raven/Encryption/Key", "<key_here>"}
             }
    });

Above example demonstrates how to create EncryptedDB with active encryption and with non-default encryption algorithm.

Note

All encryption settings can only be provided when database is being created. Changing them later will cause DB malfunction.

Encryption key management

In RavenDB, we have two types of configurations. Server-wide, which is usually located at the App.config file and database specific, which is located at the System database. For the App.config file, we provide support for encrypting the file using DPAPI, using the standard .NET config file encryption system. For database specific values, we provide our own support for encrypting the values using DPAPI.

So, as the end result of above:
* Your documents and indexes are encrypted when they are on disk using strong encryption.
* You can use a server wide or database specific key for the encryption.
* Your encryption key is guarded using DPAPI.
* The data is safely encrypted on disk, and the OS guarantee that no one can access the encryption key.

Note

It is your responsibility to backup the encryption key, because there is no way to recover data without it.