In-Use Encryption

On this page

Choosing an In-Use Encryption Approach

Encryption Keys and Key Vaults
Queryable Encryption
Client-Side Field Level Encryption

MongoDB provides two approaches to In-Use Encryption:

Choosing an In-Use Encryption Approach

You can use both Queryable Encryption and Client-Side Field Level Encryption in the same deployment, but they are incompatible with each other in the same collection. For a comparison of the two, including compatibility with MongoDB versions and points to consider when choosing one or the other, see Choosing an In-Use Encryption Approach.

Encryption Keys and Key Vaults

Both Queryable Encryption and Client-Side Field Level Encryption use an envelope encryption approach to encrypt data, where an encrypted field in a document uses a unique Data Encryption Key, and those keys are encrypted using a Customer Master Key.

For details, see Encryption Keys and Key Vaults.

Queryable Encryption

To learn how Queryable Encryption and its components work and how to implement it in your application, see Queryable Encryption.

Client-Side Field Level Encryption

To learn how Client-Side Field Level Encryption and its components work and how to implement it in your application, see Client-Side Field Level Encryption.

Back

Encryption

Comparing Approaches

In-Use Encryption.leafygreen-ui-m0pgrr{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;padding:0 10px;visibility:hidden;}.leafygreen-ui-a30zj9{color:#889397;vertical-align:middle;margin-top:-2px;}.css-fmznk8{margin-top:-85px;position:absolute;padding-bottom:2px;}

Choosing an In-Use Encryption Approach

Encryption Keys and Key Vaults

Queryable Encryption

Client-Side Field Level Encryption

In-Use Encryption