Overview
This guide shows you how to build a Client-Side Field Level Encryption (CSFLE)-enabled application using a Key Management Interoperability Protocol (KMIP)-compliant key provider.
After you complete the steps in this guide, you should have:
A Customer Master Key hosted on a KMIP-compliant key provider.
A working client application that inserts documents with encrypted fields using your Customer Master Key.
Before You Get Started
To complete and run the code in this guide, you need to set up your development environment as shown in the Installation Requirements page.
Throughout this guide, code examples use placeholder text. Before you run the examples, substitute your own values for these placeholders.
For example:
dek_id := "<Your Base64 DEK ID>"
You would replace everything between quotes with your DEK ID.
dek_id := "abc123"
Select the programming language for which you want to see code examples for from the dropdown menu below.
Full Application Code
Set Up the KMS
Note
mongod reads the KMIP configuration at startup. By default, the
server uses KMIP protocol version 1.2.
To connect to a version 1.0 or 1.1 KMIP server, use the
useLegacyProtocol
setting.
Learn More
To learn how CSFLE works, see CSFLE Fundamentals.
To learn more about the topics mentioned in this guide, see the following links:
Learn more about CSFLE components on the Reference page.
Learn how Customer Master Keys and Data Encryption Keys work on the Encryption Keys and Key Vaults page.
See how KMS Providers manage your CSFLE keys on the KMS Providers page.