Client-Side Field Level Encryption Methods
Note
For details on a specific method, including syntax and examples, click on the link to the method's reference page.
The mongosh
client-side field level encryption methods
require a database connection with client-side field level encryption
enabled. If the current database connection was not initiated with
client-side field level encryption enabled, either:
Use the
Mongo()
constructor from themongosh
to establish a connection with the required client-side field level encryption options. TheMongo()
method supports the following Key Management Service (KMS) providers for Customer Master Key (CMK) management:or
Use the
mongosh
command line options to establish a connection with the required options. The command line options only support the Amazon Web Services KMS provider for CMK management.
The following methods are for mongosh
only. For instructions on implementing client-side field level
encryption using a MongoDB 4.2+ compatible driver, defer to the
driver documentation. See CSFLE Compatibility for
a complete list of 4.2+ compatible drivers with support for
client-side field level encryption.
Name | Description |
---|---|
Returns the key vault object for the current MongoDB connection. | |
Creates a data encryption key for use with client-side field level encryption. | |
Deletes the specified data encryption key from the key vault. | |
Retreives the specified data encryption key from the key vault. | |
Retrieves all keys in the key vault. | |
Associates a key alternative name to the specified data encryption key. | |
Removes a key alternative name from the specified data encryption key. | |
Decrypts multiple data keys and re-encrypts them with a new master key. | |
Retrieves keys with the specified key alternative name. | |
Returns the client encryption object for supporting explicit encryption/decryption of fields. | |
Creates a collection with encrypted fields. | |
Encrypts a field using a specified data encryption key and encryption algorithm. | |
Decrypts a field using the associated data encryption key and encryption algorithm. |