Docs Menu
Docs Home
/
MongoDB Manual
/ / /

Client-Side Field Level Encryption

On this page

  • Introduction
  • Considerations
  • Compatibility
  • Features
  • Install
  • Quick Start
  • Fundamentals
  • Tutorials
  • Reference

Client-Side Field Level Encryption (CSFLE) is a feature that enables you to encrypt data in your application before you send it over the network to MongoDB. With CSFLE enabled, no MongoDB product has access to your data in an unencrypted form.

You can set up CSFLE using the following mechanisms:

  • Automatic Encryption: Enables you to perform encrypted read and write operations without you having to write code to specify how to encrypt fields.

  • Explicit Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver's encryption library. You must specify the logic for encryption with this library throughout your application.

When implementing an application that uses Client-Side Field Level Encryption, consider the points listed in Security Considerations.

For limitations, see CSFLE limitations.

The following table shows which MongoDB server products support which CSFLE mechanisms:

Product Name
Supports Automatic Encryption
Supports Explicit Encryption
MongoDB Atlas
Yes
Yes
MongoDB Enterprise Advanced
Yes
Yes
MongoDB Community Edition
No
Yes

To learn which MongoDB drivers support CSFLE, see Client-Side Field Level Encryption Compatibility.

To learn about the security benefits of CSFLE for your applications, see the Features page.

To learn what you must install to use CSFLE, see the Installation Requirements page.

To start using CSFLE, see the Quick Start.

Throughout this guide, code examples use placeholder text. Before you run the examples, substitute your own values for these placeholders.

For example:

dek_id := "<Your Base64 DEK ID>"

You would replace everything between quotes with your DEK ID.

dek_id := "abc123"

To learn how CSFLE works and how to set it up, see the Fundamentals section.

The fundamentals section contains the following pages:

To learn how to perform specific tasks with CSFLE, see the Tutorials section.

To learn about encryption key management, read Encryption Keys and Key Vaults.

For more information about developing your CSFLE-enabled applications, see the Reference section, which contains the following pages:

Back

MongoClient Options