Docs Menu
Docs Home
/ / /
C Driver
/ /

In-Use Encryption

In-Use Encryption consists of two features:

  • Client-Side Field Level Encryption

  • Queryable Encryption

Using In-Use Encryption in the C driver requires the dependency libmongocrypt. See the MongoDB Manual for libmongocrypt installation instructions.

Once libmongocrypt is installed, configure the C driver with -DENABLE_CLIENT_SIDE_ENCRYPTION=ON to require In-Use Encryption be enabled.

$ cd mongo-c-driver
$ mkdir cmake-build && cd cmake-build
$ cmake -DENABLE_AUTOMATIC_INIT_AND_CLEANUP=OFF -DENABLE_CLIENT_SIDE_ENCRYPTION=ON ..
$ cmake --build . --target install

mongoc_client_encryption_t is used for explicit encryption and key management. mongoc_client_enable_auto_encryption and mongoc_client_pool_enable_auto_encryption is used to enable automatic encryption.

The Queryable Encryption and CSFLE features share much of the same API with some exceptions.

To support the automatic encryption feature, one of the following dependencies are required:

A mongoc_client_t or mongoc_client_pool_t configured with auto encryption will automatically try to load the crypt_shared library. If loading the crypt_shared library fails, the mongoc_client_t or mongoc_client_pool_t will try to spawn the mongocryptd process from the application's PATH. To configure use of crypt_shared and mongocryptd see mongoc_auto_encryption_opts_set_extra.

Back

Aids for Debugging