Can MongoDB team access my unencrypted raw data in Atlas?


I am checking some docs regarding MongoDB Atlas’s Privacy, and found this page here:

It says:

Your data stored in our cloud products can be accessed by authorized MongoDB personnel only to ensure reliability of service.

And I know by default MongoDB Atlas will use AES to encrypt data when save to disk. So for the above “to ensure reliability of service” purpose, do MongoDB personnel access my decrypted raw data in the disk or only the encrypted ones?

Thank you.

For the context, our database contain some k-12 students data, like their real names, so we need to take care of their privacy. If MongoDB team is able to access the decrypted raw data, we may need to reconsider.

Hi there, @Aaron_Febo ! Great question.

On the Atlas Security page, you’ll find a whitepaper “MongoDB Atlas Security Controls” … this has a bit more detailed information about the aspect of employee access (as well as several other aspects of Atlas security).

Field-Level Encryption (FLE) looks like your best bet for ensuring any sensitive information you might be storing is encrypted client-side, prior to it being transmitted to the server.

Hope that helps!

1 Like

Hi @webchick thank you for the reply, as I read through the white paper, it definitely helps.

I have 2 other questions regarding FLE:
1, Based on the document, it says that the client needs to run a mongocryptd service in the server. I can see it is available in MongoDB Enterprise, but where does “Mongo Atlas” user download that binary?
2, Since the field saved in MongoDB will be encrypted, for such field, are we still able to do a partial regular-expression-match search?

Thank you.

All MongoDB Atlas users are entitled to use client side field level encryption