Resolved several issues with this. First, as per this SO response to this same question, I made some mistakes in the formatting of my schema. I should have added the “db” part of the parent key in each top level entry (eg. “db.collectionName”).
Beyond that:
- each top-level key must contain the
bsonTypeofobject. - It’s critical that each entry that contains the
encryptkey contains no siblings. It says that in the docs, but I missed it or my algorithm to produce my schema was missing that. - If you create a schema with an array, then it must be encrypted using the random algorithm, not the deterministic one.
- You cannot encrypt individual array items with auto-encryption. With auto-encryption, you must encrypt the entire array. You CAN, however, encrypt individual array elements explicitly, and mongo is able to automatically decrypt these values (neat).
All but the point regarding the auto-decryption of explicitly-encrypted array items are in the docs, technically, but the docs didn’t handle some of my more “deeply nested” scenarios explicitly.