Client-Side Field Level Encryption¶
On this page
When working with a MongoDB Enterprise
or MongoDB Atlas cluster, you can use mongosh to configure
Client-Side Field Level Encryption and connect with encryption
support. Client-side field level encryption uses data encryption keys
for supporting encryption and decryption of field values, and stores
this encryption key material in a Key Management Service (KMS).
mongosh supports the following KMS providers for use with
client-side field level encryption:
- Amazon Web Services KMS
- Azure Key Vault
- Google Cloud Platform KMS
- Locally Managed Keyfile
Create a Data Encryption Key¶
The following procedure uses mongosh to create a data encryption key
for use with client-side field level encryption and decryption.
Use the tabs below to select the KMS appropriate for your deployment: