Compatibility

This page describes the MongoDB Server editions and driver versions compatible with Queryable Encryption and Client-Side Field Level Encryption to help you determine whether your deployment supports each in-use encryption feature.

➤ Use the Select your language drop-down menu to select your driver and see its compatibility with Queryable Encryption and Client-Side Field Level Encryption.

Queryable Encryption Compatibility

The following sections describe the compatibility requirements for using Queryable Encryption with MongoDB Server and your selected driver.

MongoDB Compatibility

You can use Queryable Encryption on a MongoDB Server 7.0 or later replica set or sharded cluster, but not a standalone instance. The following table shows which MongoDB Server products support which Queryable Encryption mechanisms:

Product Name	Minimum Version	Supports Queryable Encryption with Automatic Encryption	Supports Queryable Encryption with Explicit Encryption
MongoDB Atlas [1]	7.0	Yes	Yes
MongoDB Enterprise Advanced	7.0	Yes	Yes
MongoDB Community Edition	7.0	No	Yes

[1]	Queryable Encryption is compatible with MongoDB Atlas but not MongoDB Atlas Search.

Driver Compatibility

To use Queryable Encryption with the C driver, install the following components:

Driver version 1.24.0 or later
libmongocrypt version 1.8.0 or later

To use Queryable Encryption with the C++ driver, install the following components:

Driver version 3.8.0 or later
libmongocrypt version 1.8.0 or later

To use Queryable Encryption with the .NET/C# driver, install driver version 2.20.0 or later.

If you're using driver version 3.0 or later, you must also complete the following steps:

Install the MongoDB.Driver.Encryption package from NuGet. This package enables automatic encryption.
If your application runs on Linux, install libmongocrypt manually. Then, set the LIBMONGOCRYPT_PATH environment variable to the absolute path of the libmongocrypt file.
If your application runs on 64-bit Linux, and you're using driver version 3.4.3 or earlier, add the following lines of XML to your .csproj file. Change the value of the <MongoDriverEncryptionVersion> element to match the version of the MongoDB.Driver.Encryption package that you have installed.

<PropertyGroup>
    <!-- replace the version here with your package version -->
    <MongoDriverEncryptionVersion>3.4.2</MongoDriverEncryptionVersion>
    <MongoDriverEncryptionPath>$(NuGetPackageRoot)mongodb.driver.encryption\$(MongoDriverEncryptionVersion)</MongoDriverEncryptionPath>
</PropertyGroup>
<PropertyGroup>
    <!-- Suppresses the duplicate file error -->
    <ErrorOnDuplicatePublishOutputFiles>false</ErrorOnDuplicatePublishOutputFiles>
</PropertyGroup>
<!-- Ensures the correct library after build or publish -->
<Target Name="EnsureCorrectMongoEncryption" AfterTargets="Build;Publish" Condition="'$(RuntimeIdentifier)' != ''">
    <!-- Determine paths based on current operation -->
    <PropertyGroup>
        <_TargetDir Condition="Exists('$(PublishDir)')">$(PublishDir)</_TargetDir>
        <_TargetDir Condition="'$(_TargetDir)' == ''">$(OutputPath)</_TargetDir>
    </PropertyGroup>
    <!-- Copy the correct library based on runtime identifier (RID) -->
    <ItemGroup>
        <_CorrectMongoLib Include="$(MongoDriverEncryptionPath)/runtimes/linux/native/x64/libmongocrypt.so"
                          Condition="'$(RuntimeIdentifier)' == 'linux-x64'" />
        <_CorrectMongoLib Include="$(MongoDriverEncryptionPath)/runtimes/linux/native/arm64/libmongocrypt.so"
                          Condition="'$(RuntimeIdentifier)' == 'linux-arm64'" />
        <_CorrectMongoLib Include="$(MongoDriverEncryptionPath)/runtimes/linux/native/alpine/libmongocrypt.so"
                          Condition="'$(RuntimeIdentifier)' == 'linux-musl-arm64'" />
    </ItemGroup>
    <!-- Copy with overwrite -->
    <Copy SourceFiles="@(_CorrectMongoLib)"
          DestinationFolder="$(_TargetDir)"
          Condition="'@(_CorrectMongoLib)' != ''"
          OverwriteReadOnlyFiles="true" />
    <Message Text="Fixed MongoDB encryption library for $(RuntimeIdentifier)"
             Condition="'@(_CorrectMongoLib)' != ''" />
</Target>

To use Queryable Encryption with the Go driver, install the following components:

Driver version 1.12 or later
libmongocrypt version 1.8.0 or later

To use Queryable Encryption with the Java Sync or Java Reactive Streams driver, install the following components:

Driver version 4.10.0 or later
mongodb-crypt version 1.8.0 or later

To use Queryable Encryption with the Node.js driver, install the following components:

Driver version 5.5.0 or later
mongodb-client-encryption version 2.8.0 or later

If you're using version 6.0 or later of the Node.js driver, you must also use version 6.0 or later of mongodb-client-encryption.

To use Queryable Encryption with the PHP driver, install driver version 1.16 or later.

To use Queryable Encryption with PyMongo, install the following components:

Driver version 4.4 or later
pymongocrypt version 1.6 or later

To use Queryable Encryption with the Ruby driver, install the following components:

Driver version 2.19 or later
libmongocrypt-helper version 1.8.0 or later

To use Queryable Encryption with the Rust driver, install the following components:

Driver version 2.4.0 or later
libmongocrypt version 1.8.0 or later

To use Queryable Encryption with the Scala driver, install the following components:

Driver version 4.10.0 or later
mongodb-crypt version 1.8.0 or later

Important

Automatic Encryption Support

To use Queryable Encryption with automatic encryption, you must install a query analysis component. To learn more, see Install and Configure a Query Analysis Component.

MongoDB Support Limitations

Enabling Queryable Encryption on a collection redacts fields from some diagnostic commands and omits some operations from the query log. This limits the data available to MongoDB support engineers, especially when analyzing query performance. To measure the impact of operations against encrypted collections, use a third party application performance monitoring tool to collect metrics.

Client-Side Field Level Encryption Compatibility

The following sections describe the compatibility requirements for using Client-Side Field Level Encryption (CSFLE) with MongoDB Server and your selected driver.

MongoDB Compatibility

You can use Client-Side Field Level Encryption on a replica set or sharded cluster, but not a standalone instance. The following table shows which MongoDB Server products support which Client-Side Field Level Encryption mechanisms:

Product Name	Minimum Version	Supports CSFLE with Automatic Encryption	Supports CSFLE with Explicit Encryption
MongoDB Atlas	All supported MongoDB versions	Yes	Yes
MongoDB Enterprise Advanced	4.2	Yes	Yes
MongoDB Community Edition	4.2	No	Yes

Driver Compatibility

To use Client-Side Field Level Encryption and the Key Rotation API with the C driver, install driver version 1.17.5 or later.

To use Client-Side Field Level Encryption and the Key Rotation API with the C++ driver, install driver version 3.6.0 or later.

To use Client-Side Field Level Encryption with the .NET/C# driver, install driver version 2.10.0 or later. To use the Key Rotation API, install driver version 2.17.1 or later.

If you're using driver version 3.0 or later, you must also complete the following steps:

Install the MongoDB.Driver.Encryption package from NuGet. This package enables automatic encryption.
If your application runs on Linux, install libmongocrypt manually. Then, set the LIBMONGOCRYPT_PATH environment variable to the absolute path of the libmongocrypt file.
If your application runs on 64-bit Linux, and you're using driver version 3.4.3 or earlier, add the following lines of XML to your .csproj file. Change the value of the <MongoDriverEncryptionVersion> element to match the version of the MongoDB.Driver.Encryption package that you have installed.

<PropertyGroup>
    <!-- replace the version here with your package version -->
    <MongoDriverEncryptionVersion>3.4.2</MongoDriverEncryptionVersion>
    <MongoDriverEncryptionPath>$(NuGetPackageRoot)mongodb.driver.encryption\$(MongoDriverEncryptionVersion)</MongoDriverEncryptionPath>
</PropertyGroup>
<PropertyGroup>
    <!-- Suppresses the duplicate file error -->
    <ErrorOnDuplicatePublishOutputFiles>false</ErrorOnDuplicatePublishOutputFiles>
</PropertyGroup>
<!-- Ensures the correct library after build or publish -->
<Target Name="EnsureCorrectMongoEncryption" AfterTargets="Build;Publish" Condition="'$(RuntimeIdentifier)' != ''">
    <!-- Determine paths based on current operation -->
    <PropertyGroup>
        <_TargetDir Condition="Exists('$(PublishDir)')">$(PublishDir)</_TargetDir>
        <_TargetDir Condition="'$(_TargetDir)' == ''">$(OutputPath)</_TargetDir>
    </PropertyGroup>
    <!-- Copy the correct library based on runtime identifier (RID) -->
    <ItemGroup>
        <_CorrectMongoLib Include="$(MongoDriverEncryptionPath)/runtimes/linux/native/x64/libmongocrypt.so"
                          Condition="'$(RuntimeIdentifier)' == 'linux-x64'" />
        <_CorrectMongoLib Include="$(MongoDriverEncryptionPath)/runtimes/linux/native/arm64/libmongocrypt.so"
                          Condition="'$(RuntimeIdentifier)' == 'linux-arm64'" />
        <_CorrectMongoLib Include="$(MongoDriverEncryptionPath)/runtimes/linux/native/alpine/libmongocrypt.so"
                          Condition="'$(RuntimeIdentifier)' == 'linux-musl-arm64'" />
    </ItemGroup>
    <!-- Copy with overwrite -->
    <Copy SourceFiles="@(_CorrectMongoLib)"
          DestinationFolder="$(_TargetDir)"
          Condition="'@(_CorrectMongoLib)' != ''"
          OverwriteReadOnlyFiles="true" />
    <Message Text="Fixed MongoDB encryption library for $(RuntimeIdentifier)"
             Condition="'@(_CorrectMongoLib)' != ''" />
</Target>

To use Client-Side Field Level Encryption with the Go driver, install driver version 1.2 or later. To use the Key Rotation API, install libmongocrypt version 1.5.2 or later.

To use Client-Side Field Level Encryption with the Node.js driver, install driver version 3.4.0 or later. To use the Key Rotation API, install mongodb-client-encryption version 2.2.0 - 2.x.

If you're using version 6.0 or later of the Node.js driver, you must also use version 6.0 or later of mongodb-client-encryption.

To use Client-Side Field Level Encryption and the Key Rotation API with the PHP driver, install driver version 1.6.0 or later.

To use Client-Side Field Level Encryption with PyMongo, install driver version 3.10.0 or later. To use the Key Rotation API, install pymongocrypt version 1.3.1 or later.

To use Client-Side Field Level Encryption and the Key Rotation API with the Ruby driver, install driver version 2.12.1 or later.

To use Client-Side Field Level Encryption with the Rust driver, install driver version 2.4.0 or later. To use the Key Rotation API, install libmongocrypt version 1.8.0 or later.

To use Client-Side Field Level Encryption and the Key Rotation API with the Scala driver, install driver version 2.7.0 or later.

To learn more about the Key Rotation API, see Rotate and Rewrap Encryption Keys.

Important

Automatic Encryption Support

To use Client-Side Field Level Encryption with automatic encryption, you must install a query analysis component. To learn more, see Install and Configure a CSFLE Query Analysis Component.

Back

Use Explicit Encryption

Queryable Encryption Limitations