Docs Menu

Docs HomeMongoDB Compass

In-Use Encryption Tutorial

On this page

  • Overview
  • Requirements and Limitations
  • Create Your Encrypted Collection
  • Import Your Data
  • Enable and Disable In-Use Encryption

In-Use Encryption allows you to connect to your deployments using Queryable Encryption. This connection method allows you to encrypt a subset of fields in your collections.

You can also use CSFLE to encrypt a subset of fields in your collection. CSFLE encryption is enabled through the schema editor.

This guide shows you how to connect to your deployment and collections using Queryable Encryption.

This guide uses the air_airlines.json data set in the guided examples. The guide covers the process of importing your data set.

  • In-Use Encryption is an Enterprise/Atlas only feature.

  • You need a replica set to use this connection option. Your replica set can be a single node or larger.

  • You need to connect to your deployment on Compass using In-Use Encryption. For more information on how to connect to your deployment, see In-Use Encryption Connection tab.

Once your deployment is connected using In-Use Encryption, create your collection using Queryable Encryption. You can create a new database and collection or you can create a new collection in an existing database.

1

Click the Create a Database button or the Create a Collection button.

Enter the name of the database and/or collection.

2
3
4

Change the path field value from encryptedField to the name of the field you want encrypted.

Encrypted Field Name

Here, the encrypted field is the base field of the air_airlines data set.

For more information, see Encrypted Fields.

5
6
7
1

The collection has a Queryable Encryption badge next to its name to indicate that fields in that collection are encrypted.

Queryable Encryption Badge
2
3
4
5

Your imported collection is displayed in the document view. The specified encrypted field is marked by a key symbol next to the value.

Encrypted Field

Here, the base field is marked with the key symbol.

You can enable and disable In-Use Encryption in your deployment.

When In-Use Encryption is enabled:

  • You can modify encrypted values.

  • You can insert documents and specified fields will be encrypted.

When In-Use Encryption is disabled:

  • You cannot modify encrypted values. Compass displays the values of these fields as a series of asterisks.

  • Inserted documents can not encrypt fields.

To disable In-Use Encryption:

1
In-Use Encryption Connection button
2

Click the Enable In-Use Encryption for this connection toggle.

Disabling In-Use Encryption only affects how Compass accesses your data.

Disable In-Use Encryption
←  SamplingImport and Export Data →
Give Feedback
© 2022 MongoDB, Inc.

About

  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.