In-Use Encryption
On this page
MongoDB provides two approaches to In-Use Encryption:
Choosing an In-Use Encryption Approach
You can use both Queryable Encryption and Client-Side Field Level Encryption in the same deployment, but they are incompatible with each other in the same collection. For a comparison of the two, including compatibility with MongoDB versions and points to consider when choosing one or the other, see Choosing an In-Use Encryption Approach.
Encryption Keys and Key Vaults
Both Queryable Encryption and Client-Side Field Level Encryption use an envelope encryption approach to encrypt data, where an encrypted field in a document uses a unique Data Encryption Key, and those keys are encrypted using a Customer Master Key.
For details, see Encryption Keys and Key Vaults.
Queryable Encryption
To learn how Queryable Encryption and its components work and how to implement it in your application, see Queryable Encryption.
Client-Side Field Level Encryption
To learn how Client-Side Field Level Encryption and its components work and how to implement it in your application, see Client-Side Field Level Encryption.