Client-Side Field Level Encryption
On this page
Introduction
Client-Side Field Level Encryption (CSFLE) is a feature that enables you to encrypt data in your application before you send it over the network to MongoDB. With CSFLE enabled, no MongoDB product has access to your data in an unencrypted form.
You can set up CSFLE using the following mechanisms:
Automatic Encryption: Enables you to perform encrypted read and write operations without you having to write code to specify how to encrypt fields.
Explicit Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver's encryption library. You must specify the logic for encryption with this library throughout your application.
Considerations
When implementing an application that uses Client-Side Field Level Encryption, consider the points listed in Security Considerations.
For limitations, see CSFLE limitations.
Compatibility
The following table shows which MongoDB server products support which CSFLE mechanisms:
Product Name | Supports Automatic Encryption | Supports Explicit Encryption |
---|---|---|
MongoDB Atlas | Yes | Yes |
MongoDB Enterprise Advanced | Yes | Yes |
MongoDB Community Edition | No | Yes |
To learn which MongoDB drivers support CSFLE, see Client-Side Field Level Encryption Compatibility.
Features
To learn about the security benefits of CSFLE for your applications, see the Features page.
Install
To learn what you must install to use CSFLE, see the Installation Requirements page.
Quick Start
To start using CSFLE, see the Quick Start.
Throughout this guide, code examples use placeholder text. Before you run the examples, substitute your own values for these placeholders.
For example:
dek_id := "<Your Base64 DEK ID>"
You would replace everything between quotes with your DEK ID.
dek_id := "abc123"
Fundamentals
To learn how CSFLE works and how to set it up, see the Fundamentals section.
The fundamentals section contains the following pages:
Tutorials
To learn how to perform specific tasks with CSFLE, see the Tutorials section.
Reference
To learn about encryption key management, read Encryption Keys and Key Vaults.
For more information about developing your CSFLE-enabled applications, see the Reference section, which contains the following pages: