- Deploy and Configure Ops Manager Resources >
- Configure KMIP Backup Encryption for Ops Manager
Configure KMIP Backup Encryption for Ops Manager¶
Ops Manager can encrypt backup jobs. You can use the Kubernetes Operator to configure KMIP backup encryption for Ops Manager. To learn more, see Encrypted Backup Snapshots.
Procedure¶
Create the ConfigMap of the CA.¶
Run the following command:
Configure the Ops Manager custom resource to use KMIP backup encryption.¶
Configure the spec.backup.encryption.kmip
settings.
Save your Ops Manager config file.¶
Apply changes to your Ops Manager deployment.¶
Invoke the following kubectl
command on the filename of the
Ops Manager resource definition:
Check the status of your Ops Manager resources.¶
Run the following command:
Create the secret of the client certificate and private key.¶
Run the following command:
The client certificate secret name has the following naming
convention inferred from the MongoDB
CustomResourceDefinition:
clientCertificatePrefix |
Human-readable label specified in the
spec.backup.encryption.kmip.client.clientCertificatePrefix field of the MongoDB CustomResourceDefinition. |
objectMeta.name |
Human-readable label specified in the metadata.name
field of the MongoDB CustomResourceDefinition. |
client-kmip |
Fixed suffix that the Kubernetes Operator assumes. |
To learn more, see kubernetes.io/tls.
Configure your MongoDB database deployment.¶
Configure the spec.backup.encryption.kmip
settings.
To learn more, see deploy a replica set or deploy a sharded cluster.
Save your MongoDB database deployment config file.¶
Apply changes to your MongoDB database deployment.¶
Invoke the following kubectl
command on the filename of the
Ops Manager resource definition:
Check the status of your MongoDB database deployment.¶
Run the following command: