Overview
In this tutorial, you can learn how to use automatic Client-Side Field Level Encryption (CSFLE) and a MongoDB driver to encrypt a document.
The tutorial includes the following sections:
Set Up Your Project: Set up your project files and assign required variables.
Configure Encryption: Create an encryption key and configure your application for Client-Side Field Level Encryption.
Perform Encrypted Operations: Insert and query encrypted documents.
Important
Do Not Use this Application In Production
Since this example application stores an encryption key on your application's filesystem, you risk unauthorized access to the key or loss of the key to decrypt your data.
To view a tutorial that demonstrates how to create a production-ready CSFLE-enabled application, see CSFLE Tutorials.
Prerequisites
Before you begin this tutorial, complete the following prerequisite steps:
Download the Automatic Encryption Shared Library from the MongoDB Download Center. Navigate to the MongoDB Enterprise Server Download section and select the follow options:
In the Version dropdown, select the version marked as
"current".In the Platform dropdown, select your platform.
In the Package dropdown, select
crypt_shared.
Extract the archive and save the path to the shared library file for future use.
Note
Query Analysis Component
The Automatic Encryption Shared Library is a preferred alternative to
mongocryptdand does not require spawning a new process to perform automatic encryption. This tutorial uses the Automatic Encryption Shared Library, butmongocryptdis still supported.Configure a MongoDB Atlas cluster or a local replica set deployment, and save your connection string for future use. To learn more, see the Get Started tutorial.
Full Application Code
Tutorial
Learn More
To learn how to create a production-ready CSFLE with a remote KMS, see the CSFLE Tutorials.
To learn how CSFLE works, see CSFLE Fundamentals.
To learn more about the topics mentioned in this guide, see the following resources: