This sample application demonstrates how to integrate Azure Key Vault with MongoDB's Client Side Field Level Encryption in a .NET Core application.
MongoDB Dependencies
- A MongoDB Atlas cluster running MongoDB 4.2 (or later) OR MongoDB 4.2 Enterprise Server (or later). Required for automatic encryption.
- MongoDB .NET Driver 2.13.0 (or later)
- Mongocryptd
Azure Dependencies
- An Azure Account with an active subscription and the same permissions as those found in any of these Azure AD roles (only one is needed):
- An Azure AD tenant (you can use an existing one, assuming you have appropriate permissions)
- Azure CLI
-
Clone this repository:
git clone https://github.com/adriennetacke/mongodb-csfle-csharp-demo-azure.git
💡 If you decide to share this repo at all, immediately add the
launchSettings.json
file to your.gitignore
file so that you don't inadvertently expose your variables to the world! Well, why is there alaunchSettings.json
file in your repo, Adrienne? I've deliberately left this file in to make development/learning a bit easier for you. :) -
Navigate to the cloned repo's directory and open the application in Visual Studio:
cd mongodb-csfle-csharp-demo-azure EnvoyMedSys.sln
-
Go to
Properties
>launchSettings.json
and update all of the placeholder variables:MDB_ATLAS_URI
: The connection string to your MongoDB Atlas cluster. This enables the storage of our data encryption key, encrypted by Azure Key Vault. Be sure to update the<USERNAME>
,<PASSWORD>
, and<CLUSTER_NAME>
portions of the URI with your own credentials!AZURE_TENANT_ID
: Identifies the organization of the Azure account.AZURE_CLIENT_ID
: Identifies the clientId to authenticate your registered application.AZURE_CLIENT_SECRET
: Used to authenticate your registered application.AZURE_KEY_NAME
: Name of the Customer Master Key stored in Azure Key Vault.AZURE_KEYVAULT_ENDPOINT
: URL of the Key Vault. e.g. yourVaultName.vault.azure.net
Check out these other tutorials from Adrienne: