フィールドの暗号化
Overview
You can encrypt fields in a document using a set of features called in-use encryption.
In-use encryption enables your client applications to encrypt data before sending it to MongoDB, and to query documents with encrypted fields.
Because the driver encrypts the data before sending it to MongoDB, only your configured client applications can decrypt the data. Only applications using the driver with access to your encryption keys can access the decrypted, plaintext data. Should you have unauthorized access to your database, an attacker could only see the encrypted, ciphertext data.
In-use encryption can help prevent exposure of the following sensitive types of data:
クレジット カード番号
住所
ヘルス情報
金融情報
その他の機密情報または個人を特定できる情報(PII)
MongoDB offers the following ways to encrypt fields:
Queryable Encryption
Queryable Encryption is the next-generation in-use encryption feature, introduced in MongoDB 6.0 and available as a public preview. Queryable Encryption supports searching encrypted fields for equality and encrypts each value uniquely.
The MongoDB manual contains detailed information on the following Queryable Encryption topics:
To get started, see the Queryable Encryption Quick Start.
To learn how to use Queryable Encryption, see the Queryable Encryption Fundamentals.
To learn how to integrate your implementation with a Key Management System, see the Queryable Encryption Tutorials.
To learn Queryable Encryption concepts, see the Queryable Encryption Reference.
クライアントサイドのフィールド レベル暗号化
Client-side Field Level Encryption was introduced in MongoDB version v4.2 and supports searching encrypted fields for equality. CSFLE differs from Queryable Encryption in that it requires that the encrypted fields you want to search must be determinstically encrypted. When you deterministically encrypt a value, the same input value produces the same output value. While deterministic encryption provides greater support for read operations, encrypted data with low cardinality is susceptible to recovery using frequency analysis.
The MongoDB manual contains detailed information on the following CSFLE topics:
To get started, see the CSFLE Quick Start.
To learn how to use CSFLE, see the CSFLE Fundamentals.
To learn how to integrate your CSFLE implementation with a Key Management System, see the CSFLE Tutorials.
To learn CSFLE concepts, see the CSFLE Reference.