Docs Menu
Docs Home
/
MongoDB Manual
/ /

In-Use Encryption

On this page

  • Choosing an In-Use Encryption Approach
  • Encryption Keys and Key Vaults
  • Queryable Encryption
  • Client-Side Field Level Encryption

MongoDB provides two approaches to In-Use Encryption:

You can use both Queryable Encryption and Client-Side Field Level Encryption in the same deployment, but they are incompatible with each other in the same collection. For a comparison of the two, including compatibility with MongoDB versions and points to consider when choosing one or the other, see Choosing an In-Use Encryption Approach.

Both Queryable Encryption and Client-Side Field Level Encryption use an envelope encryption approach to encrypt data, where an encrypted field in a document uses a unique Data Encryption Key, and those keys are encrypted using a Customer Master Key.

For details, see Encryption Keys and Key Vaults.

To learn how Queryable Encryption and its components work and how to implement it in your application, see Queryable Encryption.

To learn how Client-Side Field Level Encryption and its components work and how to implement it in your application, see Client-Side Field Level Encryption.

Back

Encryption