CSFLE of Array Contents to make them searchable

Hi

Is it possible to make an array of elements searchable (using encryption algorithm AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic) and encrypted?

I have attempted to do so with the following schema, but the fields (Email etc) do not appear encrypted in Compass.

As I understand it, I realise I could use AEAD_AES_256_CBC_HMAC_SHA_512_Random encryption method, but then the sub fields of the object in the array wouldn’t be searchable

{
  "dbName.collName": {
    "bsonType": "object",
    "encryptMetadata": {
      "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
      "keyId": [UUID("6e662447-d086-43c3-ab1f-d2ebcf42a721")]
    },
    "properties": {
      "Contacts": {
        "bsonType": "array",
        "items": {
          "bsonType": "object",
          "properties": {
            "Email": { "bsonType": "string" },
            "Notes": { "bsonType": "string" },
            "Telephone": { "bsonType": "string" }
          }
        }
      }
    }
  }
}

image

Hi @jon_whittlestone ,

Yes it is possible, however you have to also perform encryption when performing the search. Please see github.com/mongodb-labs/field-level-encryption-sandbox/shell/local-key/hello_explicit.js for a simple example.

An encrypted field in Compass would be displayed as a series of asterisks. I’d suggest checking your encryption setup, and ensure that the fields are encrypted. Please see Client-Side Field Level Encryption for more information.

Regards,
Wan.

1 Like