On this page
In-Use Encryption allows you to connect to your deployments using Queryable Encryption. This connection method allows you to encrypt a subset of fields in your collections.
You can also use CSFLE to encrypt a subset of fields in your collection. CSFLE encryption is enabled through the schema editor.
This guide shows you how to connect to your deployment and collections using Queryable Encryption.
This guide uses the air_airlines.json data set in the guided examples. The guide covers the process of importing your data set.
In-Use Encryption is an Enterprise/Atlas only feature.
You need a replica set to use this connection option. Your replica set can be a single node or larger.
You need to connect to your deployment on Compass using In-Use Encryption. For more information on how to connect to your deployment, see In-Use Encryption Connection tab.
Once your deployment is connected using In-Use Encryption, create your collection using Queryable Encryption. You can create a new database and collection or you can create a new collection in an existing database.
Queryable Encryption supports new collections only. You can't enable Queryable Encryption on existing collections.
Click the Create a Database button or the Create a Collection button.
Enter the name of the database and/or collection.
path field value from
encryptedField to the
name of the field you want encrypted.
Here, the encrypted field is the
base field of the
For more information, see Encrypted Fields.
(Optional) Specify KMS Provider.
(Optional) Specify Key Encryption Key.
You can enable and disable In-Use Encryption in your deployment.
When In-Use Encryption is enabled:
You can modify encrypted values.
You can insert documents and specified fields will be encrypted.
When In-Use Encryption is disabled:
You cannot modify encrypted values. Compass displays the values of these fields as a series of asterisks.
Inserted documents can not encrypt fields.
To disable In-Use Encryption: