Client-Side Field Level Encryption (CSFLE) is a feature that enables you to encrypt data in your application before you send it over the network to MongoDB. With CSFLE enabled, no MongoDB product has access to your data in an unencrypted form.
You can set up CSFLE using the following mechanisms:
- Automatic Encryption: Enables you to perform encrypted read and write operations without you having to write code to specify how to encrypt fields.
- Manual Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver's encryption library. You must specify the logic for encryption with this library throughout your application.
The following table shows which MongoDB server products support which CSFLE mechanisms:
Supports Automatic Encryption
Supports Manual Encryption
MongoDB Enterprise Advanced
MongoDB Community Edition
To learn which MongoDB drivers support CSFLE, see Compatibility.
To learn about the security benefits of CSFLE for your applications, see the Features page.
To learn what you must install to use CSFLE, see the Installation Requirements page.
To start using CSFLE, see the Quick Start.
Throughout this guide, code examples use placeholder text. Before you run the examples, substitute your own values for these placeholders.
dek_id := "<Your Base64 DEK ID>"
You would replace everything between quotes with your DEK ID.
dek_id := "abc123"
To learn how CSFLE works and how to set it up, see the Fundamentals section.
The fundamentals section contains the following pages:
To learn how to perform specific tasks with CSFLE, see the Tutorials section.
To view information to help you develop your CSFLE enabled applications, see the Reference section.
The reference section contains the following pages: