Client-Side Field Level Encryption
Introduction
Client-Side Field Level Encryption (CSFLE) is a feature that enables you to encrypt data in your application before you send it over the network to MongoDB. With CSFLE enabled, no MongoDB product has access to your data in an unencrypted form.
You can set up CSFLE using the following mechanisms:
Automatic Encryption: Enables you to perform encrypted read and write operations without you having to write code to specify how to encrypt fields.
Explicit Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver's encryption library. You must specify the logic for encryption with this library throughout your application.
The following table shows which MongoDB server products support which CSFLE mechanisms:
Product Name | Supports Automatic Encryption | Supports Explicit Encryption |
---|---|---|
MongoDB Atlas | Yes | Yes |
MongoDB Enterprise Advanced | Yes | Yes |
MongoDB Community Edition | No | Yes |
To learn which MongoDB drivers support CSFLE, see Compatibility.
Features
To learn about the security benefits of CSFLE for your applications, see the Features page.
Install
To learn what you must install to use CSFLE, see the Installation Requirements page.
Quick Start
To start using CSFLE, see the Quick Start.
Throughout this guide, code examples use placeholder text. Before you run the examples, substitute your own values for these placeholders.
For example:
dek_id := "<Your Base64 DEK ID>"
You would replace everything between quotes with your DEK ID.
dek_id := "abc123"
Fundamentals
To learn how CSFLE works and how to set it up, see the Fundamentals section.
The fundamentals section contains the following pages:
Tutorials
To learn how to perform specific tasks with CSFLE, see the Tutorials section.
Reference
To view information to help you develop your CSFLE enabled applications, see the Reference section.
The reference section contains the following pages: