Encryption in transit
Encryption in transit secures data during transmission between clients and servers, preventing unauthorized access or tampering. In MongoDB Atlas, all network traffic to MongoDB clusters is protected by Transport Layer Security (TLS), which is enabled by default and cannot be disabled. The default version is TLS 1.2. This applies both to data sent to the cluster and to data exchanged between MongoDB cluster nodes.
MongoDB Enterprise Advanced also supports encryption in transit using TLS.
Encryption at rest
Encryption at rest ensures that all stored files and data are encrypted, providing a critical layer of database-level protection. In MongoDB Atlas, customer data is automatically encrypted at rest using AES-256 to protect all volume (disk) data. This process utilizes your cloud provider's transparent disk encryption, with the provider managing the encryption keys. Additionally, you have the option to enable database-level encryption, allowing you to use your own encryption keys via AWS Key Management Service (KMS), Google Cloud KMS, or Azure Key Vault.
MongoDB Enterprise Advanced integrates at-rest encryption directly into its WiredTiger storage engine using AES-256. You can configure at-rest encryption in Enterprise Advanced with a KMIP-enabled key management provider.
In-Use Encryption
Encryption in use secures data while it's being processed. Data is encrypted on the client side using customer-controlled keys before it's sent to, stored in, or retrieved from the database. The benefits of this approach are:
- Comprehensive data protection: Data is encrypted throughout its entire lifecycle, whether in use, during backups, at rest, or in transit.
- Compliance assurance: Helps meet strict data privacy requirements such as GDPR, HIPAA, PCI DSS, and more.
- Integrated protection for streamlined development: In-use encryption is included with MongoDB at no extra cost, eliminating the need for third-party encryption solutions and allowing developers to work with MongoDB using built-in, familiar development patterns.
MongoDB has two features for encryption in use to meet your data protection needs: Client-Side Field-Level Encryption and Queryable Encryption.