Like Queries With Field Level Encrypted Field

Could someone tell me if Wildcard (LIKE) queries are supported in encrypted fileld?

Thanks,
Surya

Welcome to the community @SURYA_KANTA_DALAI!

I assume you are referring to Client-Side Field Level Encryption (CSFLE), which has options for both deterministic encryption and randomized encryption.

This feature is designed to protect sensitive data: encrypted field values can only be decrypted by a client with the correct encryption keys. Encrypted field values cannot be evaluated by server queries, so wildcard or regex matches are not supported regardless of the encryption method used.

The deterministic encryption algorithm ensures a given input value always encrypts to the same output value each time the algorithm is executed. This method supports a limited set of query operators based on equality comparison ($eq, $in, …) of encrypted values.

With randomized encryption a given input value always encrypts to a different output value each time the algorithm is executed. This method provides the strongest guarantees of data confidentiality, which also prevents support for any read operations which must operate on the encrypted field to evaluate the query.

For more information, see: Supported Query Operators for CSFLE.

Regards,
Stennie

Hello All,

Can we query the randomized encryption field by any chance?

Hi @khasim_ali1,

Randomly encrypted field values are opaque to the server by design. You can use $exists (which does not require decrypting the field value), but you would have to use deterministic encryption if query support for equality comparisons is needed.

Queries using an unsupported operator against a randomly encrypted field will return an error.

Please refer to the documentation linked from my earlier comment for full details.

Regards,
Stennie

1 Like