You can encrypt fields in a document using a set of features called in-use encryption.
In-use encryption enables your client applications to encrypt data before sending it to MongoDB, and to query documents with encrypted fields.
Because the driver encrypts the data before sending it to MongoDB, only your configured client applications can decrypt the data. Only applications using the driver with access to your encryption keys can access the decrypted, plaintext data. Should you have unauthorized access to your database, an attacker could only see the encrypted, ciphertext data.
In-use encryption can help prevent exposure of the following sensitive types of data:
- Credit card numbers
- Health information
- Financial information
- Any other sensitive or personally identifiable information (PII)
MongoDB offers the following ways to encrypt fields:
Queryable Encryption is the next-generation in-use encryption feature, introduced in MongoDB 6.0 and available as a public preview. Queryable Encryption supports searching encrypted fields for equality and encrypts each value uniquely.
The MongoDB manual contains detailed information on the following Queryable Encryption topics:
- To get started, see the Queryable Encryption Quick Start.
- To learn how to use Queryable Encryption, see the Queryable Encryption Fundamentals.
- To learn how to integrate your implementation with a KMS, see the Queryable Encryption Tutorials.
- To learn Queryable Encryption concepts, see the Queryable Encryption Reference.
Client-side Field Level Encryption (CSFLE) was introduced in MongoDB v4.2 and supports searching encrypted fields for equality. CSFLE differs from Queryable Encryption in that it requires that the encrypted fields you want to search must be determinstically encrypted. When you deterministically encrypt a value, the same input value produces the same output value. While deterministic encryption provides greater support for read operations, encrypted data with low cardinality is susceptible to recovery using frequency analysis.
The MongoDB manual contains detailed information on the following CSFLE topics: