{"id":22819619,"url":"https://github.com/netreconlab/hipaa-mongo","last_synced_at":"2025-04-23T00:22:14.678Z","repository":{"id":129001232,"uuid":"190921206","full_name":"netreconlab/hipaa-mongo","owner":"netreconlab","description":"HIPAA \u0026 GDPR compliant ready Mongo Database with percona-server.","archived":false,"fork":false,"pushed_at":"2025-03-04T05:36:08.000Z","size":83,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-03-29T20:23:12.953Z","etag":null,"topics":["docker","encryption","gdpr","hacktoberfest","healthcare","hipaa","mongo","mongodb","parse-hipaa","parsecarekit","percona-server","singularity"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netreconlab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["cbaker6","netreconlab"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":"https://www.buymeacoffee.com/cbaker6"}},"created_at":"2019-06-08T18:22:11.000Z","updated_at":"2025-01-21T05:34:27.000Z","dependencies_parsed_at":null,"dependency_job_id":"d48d7274-a912-4090-a9c8-7ed80a4e003e","html_url":"https://github.com/netreconlab/hipaa-mongo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netreconlab%2Fhipaa-mongo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netreconlab%2Fhipaa-mongo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netreconlab%2Fhipaa-mongo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netreconlab%2Fhipaa-mongo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netreconlab","download_url":"https://codeload.github.com/netreconlab/hipaa-mongo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250344643,"owners_count":21415158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","encryption","gdpr","hacktoberfest","healthcare","hipaa","mongo","mongodb","parse-hipaa","parsecarekit","percona-server","singularity"],"created_at":"2024-12-12T15:13:18.201Z","updated_at":"2025-04-23T00:22:14.644Z","avatar_url":"https://github.com/netreconlab.png","language":"Dockerfile","funding_links":["https://github.com/sponsors/cbaker6","https://github.com/sponsors/netreconlab","https://www.buymeacoffee.com/cbaker6"],"categories":[],"sub_categories":[],"readme":"# hipaa-mongo\n \n[![](https://dockeri.co/image/netreconlab/hipaa-mongo)](https://hub.docker.com/r/netreconlab/hipaa-mongo)\n[![Docker](https://github.com/netreconlab/hipaa-mongo/actions/workflows/build.yml/badge.svg)](https://github.com/netreconlab/hipaa-mongo/actions/workflows/build.yml)\n[![Docker](https://github.com/netreconlab/hipaa-mongo/actions/workflows/release.yml/badge.svg)](https://github.com/netreconlab/hipaa-mongo/actions/workflows/release.yml)\n\n---\n\nA simple Mongo image designed for [parse-hipaa](https://github.com/netreconlab/parse-hipaa) but can be used anywhere Mongo is used. These docker images include the necessary database auditing and logging for HIPAA compliance. hipaa-mongo is derived from [percona-server-mongodb](https://hub.docker.com/r/percona/percona-server-mongodb/).\n\nhipaa-mongo provides the following:\n- [x] Auditing \u0026 logging\n- [x] Ready for encryption in transit - run behind a proxy with files \u0026 directions on how to [complete the process](https://github.com/netreconlab/parse-hipaa#deploying-on-a-real-system) with Nginx and LetsEncrypt \n\nYou will still need to setup the following on your own to be fully HIPAA compliant:\n\n- [ ] Encryption in transit - you will need to [complete the process](https://github.com/netreconlab/parse-hipaa#deploying-on-a-real-system)\n- [ ] Encryption at rest - Mount to your own encrypted storage drive (Linux and macOS have API's for this) and store the drive in a \"safe\" location\n- [ ] Be sure to do anything else HIPAA requires\n\nThe [CareKitSample-ParseCareKit](https://github.com/netreconlab/CareKitSample-ParseCareKit) app uses this image alongise parse-hipaa and [ParseCareKit](https://github.com/netreconlab/ParseCareKit). If you are looking for a Postgres variant, checkout [hipaa-postgres](https://github.com/netreconlab/hipaa-postgres).\n\n**Use at your own risk. There is not promise that this is HIPAA compliant and we are not responsible for any mishandling of your data**\n\n## Images\nMultiple images are automatically built for your convenience. Images can be found at the following locations:\n- [Docker - Hosted on Docker Hub](https://hub.docker.com/r/netreconlab/hipaa-mongo)\n- [Singularity - Hosted on GitHub Container Registry](https://github.com/netreconlab/hipaa-postgres/pkgs/container/hipaa-mongo)\n\n## Environment Variables\n\nChanging these variables also require the same changes to be made to the [initialization script](https://github.com/netreconlab/hipaa-mongo/blob/8997d535a105c839c014644f53102b33bcb9cc5d/scripts/mongo-init.js#L3-L4) or to the database directly.\n\n```\nMONGO_INITDB_ROOT_USERNAME=parse # Username for logging into database\nMONGO_INITDB_ROOT_PASSWORD=parse # Password for logging into database\nMONGO_INITDB_DATABASE=parse_hipaa # Name of parse-hipaa database\n```\n\n## Setting up TLS\n\nBefore building you will need to setup certificates and keys for each of the servers/containers you wish to run. You can follow the tutorial here: https://medium.com/@rajanmaharjan/secure-your-mongodb-connections-ssl-tls-92e2addb3c89\n\nUsing the naming conventions from the tuturial. Move the files to follow the file structure below:\n\n- ssl\u003cbr /\u003e\n---- rootCA.pem (this only needs to be created once)\u003cbr /\u003e\n---- server0\u003cbr /\u003e\n-------- mongodb.key (new one for each server)\u003cbr /\u003e\n-------- mongodb.pem (new one for each server)\u003cbr /\u003e\n---- server1 (if you have a second server)\u003cbr /\u003e\n-------- mongodb.key (new one for each server)\u003cbr /\u003e\n-------- mongodb.pem (new one for each server)\u003cbr /\u003e\n\nNow follow the directions here, https://www.percona.com/doc/percona-server-for-mongodb/LATEST/data_at_rest_encryption.html, and rename \"mongodb-keyfile\" file to \"mongodb_encryption.key\". Do this for each server/container and place each one in their respective folder:\n\n- ssl\u003cbr /\u003e\n---- server0\u003cbr /\u003e\n-------- mongodb_encryption.key (new one for each server. Note: if you want to rename this to something else, you need to change the name in Dockerfile as well)\u003cbr /\u003e\n\nThis step enables keyfile access control in a replica set. Currently, even if you are not using a replica set, you will need to do this because of the way the docker file is setup. Follow the directions here, https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/, and for \u003cpath-to-keyfile use the name \"mongo_auth.key\" and place it:\n\n- ssl\u003cbr /\u003e\n---- mongo_auth.key (this only needs to be created once)\u003cbr /\u003e\n\nTo build the image:\n`docker build --tag=hipaa-mongodb --build-arg sslDir=ssl/server0 .`\n\nAfter a successful build, you can run a ssl enabled container that is HIPAA compliant type:\n\n`docker run --name hipaa-mongodb-container0 -t hipaa-mongodb:latest --sslMode requireSSL --sslPEMKeyFile /ssl/mongodb.pem --sslCAFile /ssl/rootCA.pem --enableEncryption --encryptionKeyFile /ssl/mongodb_encryption.key --replSet rs0 --keyFile /ssl/mongo_auth.key --logpath /logs/mongo.log --logappend --auditDestination=file --auditPath /logs/audit.json`\n\nIf you want to persist your data and access the generated logs and audit files, you should volume mount the directories from your host machine. For example, if mongodb was installed on your host machine via brew on macOS and you want to use the mongodb directories. You can start your container with the following command:\n\n`docker run --name hipaa-mongodb-container0 -v /usr/local/var/mongodb:/data/db -v /usr/local/var/log/mongodb:/logs -t hipaa-mongodb:latest --sslMode requireSSL --sslPEMKeyFile /ssl/mongodb.pem --sslCAFile /ssl/rootCA.pem --enableEncryption --encryptionKeyFile /ssl/mongodb_encryption.key --keyFile /ssl/mongo_auth.key --logpath /logs/mongo.log --logappend --auditDestination=file --auditPath /logs/audit.json`\n\nTo enable replica sets. You will need to start your intended primary container with '--replSet rs0'. You can learn more about replica sets here, https://docs.mongodb.com/manual/tutorial/deploy-replica-set/. Starting your container will look something like the following:\n\n`docker run --name hipaa-mongodb-container0 -v /usr/local/var/mongodb:/data/db -v /usr/local/var/log/mongodb:/logs -t hipaa-mongodb:latest --sslMode requireSSL --sslPEMKeyFile /ssl/mongodb.pem --sslCAFile /ssl/rootCA.pem --enableEncryption --encryptionKeyFile /ssl/mongodb_encryption.key --keyFile /ssl/mongo_auth.key --logpath /logs/mongo.log --logappend --auditDestination=file --auditPath /logs/audit.json --replSet rs0`\n\nYou can then use `rs.initiate()`, `rs.status()` from the previous tutorial to add replica members. Adterwards, start the new container using the same \"replSet\" name:\n\n`docker run --name hipaa-mongodb-container1 -v /usr/local/var/mongodb:/data/db -v /usr/local/var/log/mongodb:/logs -t hipaa-mongodb:latest --sslMode requireSSL --sslPEMKeyFile /ssl/mongodb.pem --sslCAFile /ssl/rootCA.pem --enableEncryption --encryptionKeyFile /ssl/mongodb_encryption.key --keyFile /ssl/mongo_auth.key --logpath /logs/mongo.log --logappend --auditDestination=file --auditPath /logs/audit.json --replSet rs0`\n\nNote that if you use --auth to start your containers, you will need to remove this command during initial syncing of your DB's. You can re-enable -auth after they are synced.  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetreconlab%2Fhipaa-mongo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetreconlab%2Fhipaa-mongo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetreconlab%2Fhipaa-mongo/lists"}