Docs Menu
Docs Home
MongoDB Shell

Client-Side Field Level Encryption

On this page

  • Create a Data Encryption Key

When working with a MongoDB Enterprise or MongoDB Atlas cluster, you can use mongosh to configure Client-Side Field Level Encryption and connect with encryption support. Client-side field level encryption uses data encryption keys for supporting encryption and decryption of field values, and stores this encryption key material in a Key Management Service (KMS).

mongosh supports the following KMS providers for use with client-side field level encryption:

  • Amazon Web Services KMS

  • Azure Key Vault

  • Google Cloud Platform KMS

  • Locally Managed Keyfile

The following procedure uses mongosh to create a data encryption key for use with client-side field level encryption and decryption.

Use the tabs below to select the KMS appropriate for your deployment:


See also:

← Run Aggregation Pipelines