Docs Menu

Client-Side Field Level Encryption

On this page

  • Create a Data Encryption Key

When working with a MongoDB Enterprise or MongoDB Atlas cluster, you can use mongosh to configure Client-Side Field Level Encryption and connect with encryption support. Client-side field level encryption uses data encryption keys for supporting encryption and decryption of field values, and stores this encryption key material in a Key Management Service (KMS).

mongosh supports the following KMS providers for use with client-side field level encryption:

  • Amazon Web Services KMS
  • Azure Key Vault
  • Google Cloud Platform KMS
  • Locally Managed Keyfile

The following procedure uses mongosh to create a data encryption key for use with client-side field level encryption and decryption.

Use the tabs below to select the KMS appropriate for your deployment:

See also:
Give Feedback
MongoDB logo
© 2021 MongoDB, Inc.


  • Careers
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2021 MongoDB, Inc.