Automatic Encryption Shared Library

On this page

Overview

Download the Automatic Encryption Shared Library
Configuration

Queryable Encryption with equality queries is generally available (GA) in MongoDB 7.0. If you are starting out with Queryable Encryption, upgrade MongoDB to version 7.0 with compatible drivers. Data encrypted using the QE Public Preview is incompatible with the GA. For more information, see the MongoDB 7.0 compatibility notes.

Overview

The Automatic Encryption Shared Library is a dynamic library that enables your client application to perform automatic Queryable Encryption. A dynamic library is a set of functionality accessed by an application at runtime rather than compile time. The Automatic Encryption Shared Library performs the following tasks:

Uses your encrypted fields map to mark fields in read and write operations for encryption
Prevents your application from executing unsupported operations on encrypted fields

The Automatic Encryption Shared Library does not perform any of the following tasks:

The Automatic Encryption Shared Library does not perform encryption or decryption itself
The Automatic Encryption Shared Library does not access any encryption key material
The Automatic Encryption Shared Library does not listen over the network

Important

Supported MongoDB Server Products

Automatic Queryable Encryption is only available in the following MongoDB server products:

MongoDB Atlas 6.0 or later clusters
MongoDB Enterprise 6.0 or later

Automatic Queryable Encryption is not available in any version of MongoDB Community Server.

The Automatic Encryption Shared Library provides the same functionality as mongocryptd, but does not require you to spawn another process to perform automatic encryption.

To learn more about automatic encryption, see Features.

To learn more about mongocryptd, see Install and Configure mongocryptd.

Note

libmongocrypt Performs Encryption

Drivers compatible with MongoDB 6.0 and later use the Apache-licensed libmongocrypt library for performing encryption and decryption.

Download the Automatic Encryption Shared Library

Download the Automatic Encryption Shared Library from the MongoDB Download Center using the following link:

MongoDB Download Center

In the Version dropdown, select 6.0.0 (current).
In the Platform dropdown, select your platform.
In the Package dropdown, select crypt_shared.
Click Download.

Configuration

You can configure how your driver searches for the Automatic Encryption Shared Library through the following parameters:

Name	Description
cryptSharedLibPath	Specifies the absolute path to the Automatic Encryption Shared Library package, `crypt_shared`. Default: `undefined`
cryptSharedRequired	Specifies if the driver must use the Automatic Encryption Shared Library. If `true`, the driver raises an error if the Automatic Encryption Shared Library is unavailable. If `false`, the driver performs the following sequence of actions: Attempts to use the Automatic Encryption Shared Library. If the Automatic Encryption Shared Library is unavailable, the driver attempts to spawn and connect to `mongocryptd`. Default: `false`

Name

Description

cryptSharedLibPath

Specifies the absolute path to the Automatic Encryption Shared Library package,
crypt_shared.
Default: undefined

cryptSharedRequired

Specifies if the driver must use the Automatic Encryption Shared Library. If true,
the driver raises an error if the Automatic Encryption Shared Library is unavailable.
If false, the driver performs the following sequence of actions:

Attempts to use the Automatic Encryption Shared Library.
If the Automatic Encryption Shared Library is unavailable, the driver attempts to spawn and connect to mongocryptd.

Default: false

To view an example demonstrating how to configure these parameters, see the Quick Start.

Back

MongoClient Options for Queryable Encryption

Install libmongocrypt