|
1 | | -============== |
2 | | -Encrypt Fields |
3 | | -============== |
4 | | - |
5 | | -.. contents:: On this page |
6 | | - :local: |
7 | | - :backlinks: none |
8 | | - :depth: 2 |
9 | | - :class: singlecol |
10 | | - |
11 | | -.. default-domain:: mongodb |
12 | | - |
13 | | -Overview |
14 | | --------- |
15 | | - |
16 | | -You can encrypt fields in a document using a set of features called |
17 | | -**in-use encryption**. |
18 | | - |
19 | | -In-use encryption enables your client applications to encrypt data |
20 | | -*before* sending it to MongoDB, and to query documents with encrypted fields. |
21 | | - |
22 | | -Because the driver encrypts the data before sending it to MongoDB, only |
23 | | -your configured client applications can decrypt the data. Only applications |
24 | | -using the driver with access to your encryption keys can access the decrypted, |
25 | | -plaintext data. Should you have unauthorized access to your database, an |
26 | | -attacker could only see the encrypted, ciphertext data. |
27 | | - |
28 | | -In-use encryption can help prevent exposure of the following sensitive types of data: |
29 | | - |
30 | | -- Credit card numbers |
31 | | -- Addresses |
32 | | -- Health information |
33 | | -- Financial information |
34 | | -- Any other sensitive or personally identifiable information (PII) |
35 | | - |
36 | | -MongoDB offers the following ways to encrypt fields: |
37 | | - |
38 | | -{+qe+} |
39 | | -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
40 | | - |
41 | | -{+qe+} is the next-generation in-use encryption feature, |
42 | | -introduced in MongoDB 6.0 and available as a public preview. {+qe+} |
43 | | -supports searching encrypted fields for equality and encrypts each value |
44 | | -uniquely. |
45 | | - |
46 | | -The MongoDB manual contains detailed information on the following {+qe+} topics: |
47 | | - |
48 | | -- To get started, see the :ref:`{+qe+} Quick Start <qe-quick-start>`. |
49 | | -- To learn how to use {+qe+}, see the :ref:`{+qe+} Fundamentals <qe-fundamentals>`. |
50 | | -- To learn how to integrate your implementation with a KMS, see the :ref:`{+qe+} Tutorials <qe-tutorials>`. |
51 | | -- To learn {+qe+} concepts, see the :ref:`{+qe+} Reference <qe-reference>`. |
52 | | - |
53 | | -{+csfle-long+} |
54 | | -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
55 | | - |
56 | | -{+csfle-long+} was introduced in MongoDB v4.2 and supports searching encrypted |
57 | | -fields for equality. {+csfle-short+} differs from {+qe+} in that it requires |
58 | | -that the encrypted fields you want to search must be determinstically encrypted. |
59 | | -When you deterministically encrypt a value, the same input value produces |
60 | | -the same output value. While deterministic encryption provides greater |
61 | | -support for read operations, encrypted data with low :wikipedia:`cardinality <Cardinality>` |
62 | | -is susceptible to recovery using :wikipedia:`frequency analysis <Frequency_analysis>`. |
63 | | - |
64 | | -The MongoDB manual contains detailed information on the following {+csfle-short+} topics: |
65 | | - |
66 | | -- To get started, see the :ref:`{+csfle-short+} Quick Start <csfle-quick-start>`. |
67 | | -- To learn how to use {+csfle-short+}, see the :ref:`{+csfle-short+} Fundamentals <csfle-fundamentals>`. |
68 | | -- To learn how to integrate your {+csfle-short+} implementation with a KMS, see the :ref:`{+csfle-short+} Tutorials <csfle-tutorials>`. |
69 | | -- To learn {+csfle-short+} concepts, see the :ref:`{+csfle-short+} Reference <csfle-reference>`. |
70 | | - |
| 1 | +.. _node-fle: |
71 | 2 |
|
| 3 | +.. sharedinclude:: dbx/encrypt-fields.rst |
0 commit comments