Docs Menu

Encrypt Fields

On this page

  • Overview
  • Queryable Encryption
  • Client-side Field Level Encryption (CSFLE)

You can encrypt fields in a document using a set of features called in-use encryption.

In-use encryption enables your client applications to encrypt data before sending it to MongoDB, and to query documents with encrypted fields.

Because the driver encrypts the data before sending it to MongoDB, only your configured client applications can decrypt the data. Only applications using the driver with access to your encryption keys can access the decrypted, plaintext data. Should you have unauthorized access to your database, an attacker could only see the encrypted, ciphertext data.

In-use encryption can help prevent exposure of the following sensitive types of data:

  • Credit card numbers
  • Addresses
  • Health information
  • Financial information
  • Any other sensitive or personally identifiable information (PII)

MongoDB offers the following ways to encrypt fields:

Queryable Encryption is the next-generation in-use encryption feature, introduced in MongoDB 6.0 and available as a public preview. Queryable Encryption supports searching encrypted fields for equality and encrypts each value uniquely.

The MongoDB manual contains detailed information on the following Queryable Encryption topics:

Client-side Field Level Encryption (CSFLE) was introduced in MongoDB v4.2 and supports searching encrypted fields for equality. CSFLE differs from Queryable Encryption in that it requires that the encrypted fields you want to search must be determinstically encrypted. When you deterministically encrypt a value, the same input value produces the same output value. While deterministic encryption provides greater support for read operations, encrypted data with low cardinality is susceptible to recovery using frequency analysis.

The MongoDB manual contains detailed information on the following CSFLE topics:

←  UTF-8 ValidationFAQ →
Give Feedback
© 2022 MongoDB, Inc.

About

  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.