encrypt fields (#141)

* encrypt fields

* missing ref

* dangling period

Author: terakilobyte

snooty.toml

@@ -3,20 +3,27 @@ title = "Go"
 toc_landing_pages = [
     "/fundamentals/connection",
     "/fundamentals/crud",
-    "/usage-examples"
+    "/usage-examples",
 ]
 
 intersphinx = [
-  "https://www.mongodb.com/docs/manual/objects.inv",
-  "https://www.mongodb.com/docs/drivers/objects.inv",
-  "https://www.mongodb.com/docs/atlas/objects.inv"
+    "https://www.mongodb.com/docs/manual/objects.inv",
+    "https://www.mongodb.com/docs/drivers/objects.inv",
+    "https://www.mongodb.com/docs/atlas/objects.inv",
 ]
 sharedinclude_root = "https://raw.githubusercontent.com/10gen/docs-shared/main/"
 
 [constants]
 driver-long = "MongoDB Go Driver"
-docs-branch = "master" # always set this to the docs branch (i.e. master, 1.7, 1.8, etc.)
-version = "v1.10.1" # always set this to the driver branch (i.e. v1.7.0, v1.8.0, etc.)
+docs-branch = "master"                                                                                                         # always set this to the docs branch (i.e. master, 1.7, 1.8, etc.)
+version = "v1.10.1"                                                                                                            # always set this to the driver branch (i.e. v1.7.0, v1.8.0, etc.)
 example = "https://raw.githubusercontent.com/mongodb/docs-golang/{+docs-branch+}/source/includes/usage-examples/code-snippets"
 api = "https://pkg.go.dev/go.mongodb.org/mongo-driver@{+version+}"
 stable-api = "Stable API"
+qe = "Queryable Encryption"
+key-vault-long = "key vault collection"
+kms-long = "Key Management System"
+cmk-long = "Customer Master Key"
+dek-long = "Data Encryption Key"
+csfle-short = "CSFLE"
+csfle-long = "Client-side Field Level Encryption (CSFLE)"

source/fundamentals.txt

@@ -19,14 +19,14 @@ Fundamentals
    /fundamentals/collations
    /fundamentals/gridfs
    /fundamentals/time-series
+   /fundamentals/encrypt-fields
 
 ..
   /fundamentals/enterprise-auth
   /fundamentals/databases-collections
   /fundamentals/data-formats
   /fundamentals/builders
   /fundamentals/collations
-  /fundamentals/csfle
   /fundamentals/gridfs
   /fundamentals/logging
   /fundamentals/monitoring

source/fundamentals/csfle.txt

@@ -0,0 +1,71 @@
+.. _golang-fle:
+
+==============
+Encrypt Fields
+==============
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 2
+   :class: singlecol
+
+.. default-domain:: mongodb
+
+Overview
+--------
+
+You can encrypt fields in a document using a set of features called
+**in-use encryption**.
+
+In-use encryption enables your client applications to encrypt data
+*before* sending it to MongoDB, and to query documents with encrypted fields.
+
+Because the driver encrypts the data before sending it to MongoDB, only
+your configured client applications can decrypt the data. Only applications
+using the driver with access to your encryption keys can access the decrypted,
+plaintext data. Should you have unauthorized access to your database, an
+attacker could only see the encrypted, ciphertext data.
+
+In-use encryption can help prevent exposure of the following sensitive types of data:
+
+- Credit card numbers
+- Addresses
+- Health information
+- Financial information
+- Any other sensitive or personally identifiable information (PII)
+
+MongoDB offers the following ways to encrypt fields:
+
+{+qe+}
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{+qe+} is the next-generation in-use encryption feature,
+introduced in MongoDB 6.0 and available as a public preview. {+qe+}
+supports searching encrypted fields for equality and encrypts each value
+uniquely.
+
+The MongoDB manual contains detailed information on the following {+qe+} topics:
+
+- To get started, see the :ref:`{+qe+} Quick Start <qe-quick-start>`.
+- To learn how to use {+qe+}, see the :ref:`{+qe+} Fundamentals <qe-fundamentals>`.
+- To learn how to integrate your implementation with a {+kms-long+}, see the :ref:`{+qe+} Tutorials <qe-tutorials>`.
+- To learn {+qe+} concepts, see the :ref:`{+qe+} Reference <qe-reference>`.
+
+{+csfle-long+}
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{+csfle-long+} was introduced in MongoDB version v4.2 and supports searching encrypted
+fields for equality. {+csfle-short+} differs from {+qe+} in that it requires
+that the encrypted fields you want to search must be determinstically encrypted.
+When you deterministically encrypt a value, the same input value produces
+the same output value. While deterministic encryption provides greater
+support for read operations, encrypted data with low :wikipedia:`cardinality <Cardinality>`
+is susceptible to recovery using :wikipedia:`frequency analysis <Frequency_analysis>`.
+
+The MongoDB manual contains detailed information on the following {+csfle-short+} topics:
+
+- To get started, see the :ref:`{+csfle-short+} Quick Start <csfle-quick-start>`.
+- To learn how to use {+csfle-short+}, see the :ref:`{+csfle-short+} Fundamentals <csfle-fundamentals>`.
+- To learn how to integrate your {+csfle-short+} implementation with a {+kms-long+}, see the :ref:`{+csfle-short+} Tutorials <csfle-tutorials>`.
+- To learn {+csfle-short+} concepts, see the :ref:`{+csfle-short+} Reference <csfle-reference>`.

source/fundamentals/encrypt-fields.txt

@@ -10,6 +10,7 @@ Fundamentals section:
 - :ref:`Perform Aggregations <golang-aggregation>`
 - :ref:`Construct Indexes <golang-indexes>`
 - :ref:`Use a Time Series Collection <golang-time-series>`
+- :ref:`Encrypt Fields <golang-fle>`
 
 .. - :doc:`Use the Driver's Data Formats </fundamentals/data-formats>`
 .. - :doc:`Specify Collations </fundamentals/collations>`