Docs Menu

Docs HomeMongoDB Shell

Client-Side Field Level Encryption

On this page

  • Create a Data Encryption Key

When working with a MongoDB Enterprise or MongoDB Atlas cluster, you can use mongosh to configure Client-Side Field Level Encryption and connect with encryption support. Client-side field level encryption uses data encryption keys for supporting encryption and decryption of field values, and stores this encryption key material in a Key Management Service (KMS).

mongosh supports the following KMS providers for use with client-side field level encryption:

  • Amazon Web Services KMS

  • Azure Key Vault

  • Google Cloud Platform KMS

  • Locally Managed Keyfile

The following procedure uses mongosh to create a data encryption key for use with client-side field level encryption and decryption.

Use the tabs below to select the KMS appropriate for your deployment:


See also:

←  Run Aggregation PipelinesWrite Scripts →
Share Feedback
© 2023 MongoDB, Inc.


  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2023 MongoDB, Inc.