Docs Menu

Client-Side Field Level Encryption

On this page

  • Introduction
  • Features
  • Install
  • Quick Start
  • Fundamentals
  • Tutorials
  • Reference

Client-Side Field Level Encryption (CSFLE) is a feature that enables you to encrypt data in your application before you send it over the network to MongoDB. With CSFLE enabled, no MongoDB product has access to your data in an unencrypted form.

You can set up CSFLE using the following mechanisms:

  • Automatic Encryption: Enables you to perform encrypted read and write operations without you having to write code to specify how to encrypt fields.
  • Manual Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver's encryption library. You must specify the logic for encryption with this library throughout your application.

The following table shows which MongoDB server products support which CSFLE mechanisms:

Product Name
Supports Automatic Encryption
Supports Manual Encryption
MongoDB Atlas
Yes
Yes
MongoDB Enterprise Advanced
Yes
Yes
MongoDB Community Edition
No
Yes

To learn which MongoDB drivers support CSFLE, see Compatibility.

To learn about the security benefits of CSFLE for your applications, see the Features page.

To learn what you must install to use CSFLE, see the Installation Requirements page.

To start using CSFLE, see the Quick Start.

To learn how CSFLE works and how to set it up, see the Fundamentals section.

The fundamentals section contains the following pages:

To learn how to perform specific tasks with CSFLE, see the Tutorials section.

To view information to help you develop your CSFLE enabled applications, see the Reference section.

The reference section contains the following pages:

←  Rotate Encryption KeysFeatures →
Give Feedback
© 2022 MongoDB, Inc.

About

  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.