Make the MongoDB docs better! We value your opinion. Share your feedback for a chance to win $100.
Click here >
Docs Menu
Docs Home
/ /
Tutorials
Docs Home
/ /
Client-Side Field Level Encryption
/
Tutorials
Docs Home
/
Development
/
In-Use Encryption
/
Client-Side Field Level Encryption
/
Tutorials

Use Automatic Client-Side Field Level Encryption with GCP

Overview

This guide shows you how to build a Client-Side Field Level Encryption (CSFLE)-enabled application using Google Cloud Key Management Service.

After you complete the steps in this guide, you should have:

  • A CMK hosted on Google Cloud Key Management Service.

  • A client application that inserts documents with encrypted fields using your CMK.

Before You Get Started

Before you begin this tutorial, complete the following prerequisite steps:

  1. Download the Automatic Encryption Shared Library from the MongoDB Download Center. Navigate to the MongoDB Enterprise Server Download section and select the follow options:

    • In the Version dropdown, select the version marked as "current".

    • In the Platform dropdown, select your platform.

    • In the Package dropdown, select crypt_shared.

    Extract the archive and save the path to the shared library file for future use.

    Note

    Query Analysis Component

    The Automatic Encryption Shared Library is a preferred alternative to mongocryptd and does not require spawning a new process to perform automatic encryption. This tutorial uses the Automatic Encryption Shared Library, but mongocryptd is still supported.

  2. Configure a MongoDB Atlas cluster or a local replica set deployment, and save your connection string for future use. To learn more, see the Get Started tutorial.

Throughout this guide, code examples use placeholder text. Before you run the examples, substitute your own values for these placeholders.

For example:

dek_id := "<Your Base64 DEK ID>"

You would replace everything between quotes with your DEK ID.

dek_id := "abc123"

Full Application Code

To see the complete code for the sample application, select your programming language in the language selector.

Set Up the KMS

Create the Application

Learn More

To learn more about the topics mentioned in this guide, see the following links:

  • Learn more about CSFLE components on the Reference page.

  • Learn how Customer Master Keys and Data Encryption Keys work on the Encryption Keys and Key Vaults page.

  • See how KMS Providers manage your CSFLE keys on the KMS Providers page.

Back

Use Automatic Client-Side Field Level Encryption with Azure

Next

Use Automatic Client-Side Field Level Encryption with KMIP

On this page