CSFLE-Specific MongoClient Options

On this page

Overview

AutoEncryptionOpts
Example

MongoDB's Queryable Encryption feature is available (GA) in MongoDB 7.0 and later. To learn more about Queryable Encryption and compare its benefits with Client-Side Field Level Encryption, see Queryable Encryption.

Overview

View information about the Client-Side Field Level Encryption (CSFLE)-specific configuration options for MongoClient instances.

AutoEncryptionOpts

Pass an autoEncryptionOpts object to your MongoClient instance to specify CSFLE-specific options.

The following table describes the structure of an autoEncryptionOpts object:

Parameter	Type	Required	Description
`keyVaultClient`	`MongoClient`	No	A `MongoClient` instance configured to connect to the MongoDB instance hosting your Key Vault collection. If you omit the `keyVaultClient` option, the MongoDB instance specified to your `MongoClient` instance containing the `autoEncryptionOpts` configuration is used as the host of your Key Vault collection. To learn more about Key Vault collections, see Key Vault Collections.
`keyVaultNamespace`	String	Yes	The full namespace of the Key Vault collection.
`kmsProviders`	Object	Yes	The Key Management System (KMS) used by Client-Side Field Level Encryption for managing your Customer Master Keys (CMKs). To learn more about `kmsProviders` objects, see CSFLE KMS Providers. To learn more about Customer Master Keys, see Keys and Key Vaults.
`tlsOptions`	Object	No	An object that maps Key Management System provider names to TLS configuration options. To learn more about TLS options see: TLS Options. To learn more about TLS see: TLS/SSL (Transport Encryption).
`schemaMap`	Object	No	An encryption schema. To learn how to construct an encryption schema, see Encryption Schemas. For complete documentation of encryption schemas, see CSFLE Encryption Schemas.
`bypassAutoEncryption`	Boolean	No	Specify `true` to bypass automatic Client-Side Field Level Encryption rules and perform explicit encryption. `bypassAutoEncryption` does not disable automatic decryption. To learn more about this option, see Automatic Decryption.

Example

To view a code-snippet demonstrating how to use autoEncryptionOpts to configure your MongoClient instance, select the tab corresponding to your driver:

← Supported Operations for Automatic Encryption CSFLE KMS Providers →