I’m hoping someone could point me in the right direction here.
We are working with highly sensitive data and have subsequently starting working on implement CSFLE on sensitive data in sensitive collections. We have got CSFLE working using an Azure KMS and all is well.
However, it seems that when using an encryption enabled MongoClient, any unsupported operations are blocked on all collections regardless of whether they have encrypted fields or not. Is this the desired behaviour of the driver and if so, what is a suitable workaround?
We are using the v2.16 of the C# driver for reference.
The only way I can see us working around this is by registering 2 clients:
- For use with encrypted collections
- For use with unencrypted collections
Is this the recommended approach? My concern is the number of connections to the database will increase as from my understanding the connections are handled by the MongoClient and 2 clients would result in 2 collection pools.
In summary, my questions are:
- Why are unsupported queries blocked on unencrypted collections? (we use Atlas Search for example)
- How can we leverage Atlas search features while also using CSFLE features?