Docs Menu
Docs Home
/
MongoDB Manual
/ / / / / /

Query a Document with Encrypted Fields

On this page

  • Overview
  • Before You Start
  • Procedure
  • Query an Encrypted Field with Equality
  • Query an Encrypted Field with Range

This guide shows you how to use a Queryable Encryption-enabled application to retrieve a document that has encrypted fields.

After you complete the steps in this guide, you should be able to use your application to query data in encrypted fields, and to decrypt those fields as an authorized user.

Create an encrypted collection and insert documents before continuing.

1

If you enabled equality queries on an encrypted field, you can retrieve documents that have a specified value in that field.

The following example performs an equality query on an encrypted field and prints the decrypted data:

const findResult = await encryptedCollection.findOne({
"patientRecord.ssn": "987-65-4320",
});
console.log(findResult);
var ssnFilter = Builders<Patient>.Filter.Eq("patientRecord.ssn", patient.PatientRecord.Ssn);
var findResult = await encryptedCollection.Find(ssnFilter).ToCursorAsync();
Console.WriteLine(findResult.FirstOrDefault().ToJson());
var findResult PatientDocument
err = coll.FindOne(
context.TODO(),
bson.M{"patientRecord.ssn": "987-65-4320"},
).Decode(&findResult)
Patient findResult = collection.find(
new BsonDocument()
.append("patientRecord.ssn", new BsonString("987-65-4320")))
.first();
System.out.println(findResult);
const findResult = await encryptedCollection.findOne({
"patientRecord.ssn": "987-65-4320",
});
console.log(findResult);
find_result = encrypted_collection.find_one({
"patientRecord.ssn": "987-65-4320"
})
print(find_result)
2

If you enabled range queries on an encrypted field, you can retrieve documents where the value of that field is within the range that you specify.

The following example performs a range query on an encrypted field and prints the decrypted data:

const findResult = await encryptedCollection.findOne({
"patientRecord.billAmount": { $gt: 1000, $lt: 2000 },
});
console.log(findResult);
var filter = Builders<Patient>.Filter.Gt("patientRecord.billAmount", 1000) &
Builders<Patient>.Filter.Lt("patientRecord.billAmount", 2000);
var findResult = encryptedCollection.Find(filter).FirstOrDefault();
Console.WriteLine(findResult.ToJson());
filter := bson.D{
{"patientRecord.billAmount", bson.D{
{"$gt", 1000},
{"$lt", 2000},
}},
}
var findResult PatientDocument
err = coll.FindOne(context.TODO(), filter).Decode(&findResult)
if err != nil {
log.Fatal(err)
}
if err != nil {
fmt.Print("Unable to find the document\n")
} else {
output, _ := json.MarshalIndent(findResult, "", " ")
fmt.Printf("%s\n", output)
}
Document filter = new Document("patientRecord.billAmount",
new Document("$gt", 1000).append("$lt", 2000));
Patient findResult = collection.find(filter).first();
System.out.println(findResult);
const findResult = await encryptedCollection.findOne({
"patientRecord.billAmount": { $gt: 1000, $lt: 2000 },
});
console.log(findResult);
query = {"patientRecord.billAmount": {"$gt": 1000, "$lt": 2000}}
find_result = encrypted_collection.find_one(query)
print(find_result)

The output of the preceding code examples should look similar to the following:

{
"_id": {
"$oid": "648b384a722cb9b8392df76a"
},
"name": "Jon Doe",
"record": {
"ssn": "987-65-4320",
"billing": {
"type": "Visa",
"number": "4111111111111111"
},
"billAmount": 1500
},
"__safeContent__": [
{
"$binary": {
"base64": "L1NsYItk0Sg+oL66DBj6IYHbX7tveANQyrU2cvMzD9Y=",
"subType": "00"
}
}
]
}

Warning

Do not Modify the __safeContent__ Field

The __safeContent__ field is essential to Queryable Encryption. Do not modify the contents of this field.

Back

Create a Collection