|
1 | 1 | .. _golang-fle: |
2 | 2 |
|
3 | | -============== |
4 | | -Encrypt Fields |
5 | | -============== |
6 | | - |
7 | | -.. contents:: On this page |
8 | | - :local: |
9 | | - :backlinks: none |
10 | | - :depth: 2 |
11 | | - :class: singlecol |
12 | | - |
13 | | -.. default-domain:: mongodb |
14 | | - |
15 | | -Overview |
16 | | --------- |
17 | | - |
18 | | -You can encrypt fields in a document using a set of features called |
19 | | -**in-use encryption**. |
20 | | - |
21 | | -In-use encryption enables your client applications to encrypt data |
22 | | -*before* sending it to MongoDB, and to query documents with encrypted fields. |
23 | | - |
24 | | -Because the driver encrypts the data before sending it to MongoDB, only |
25 | | -your configured client applications can decrypt the data. Only applications |
26 | | -using the driver with access to your encryption keys can access the decrypted, |
27 | | -plaintext data. Should you have unauthorized access to your database, an |
28 | | -attacker could only see the encrypted, ciphertext data. |
29 | | - |
30 | | -In-use encryption can help prevent exposure of the following sensitive types of data: |
31 | | - |
32 | | -- Credit card numbers |
33 | | -- Addresses |
34 | | -- Health information |
35 | | -- Financial information |
36 | | -- Any other sensitive or personally identifiable information (PII) |
37 | | - |
38 | | -MongoDB offers the following ways to encrypt fields: |
39 | | - |
40 | | -{+qe+} |
41 | | -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
42 | | - |
43 | | -{+qe+} is the next-generation in-use encryption feature, |
44 | | -introduced in MongoDB 6.0 and available as a public preview. {+qe+} |
45 | | -supports searching encrypted fields for equality and encrypts each value |
46 | | -uniquely. |
47 | | - |
48 | | -The MongoDB manual contains detailed information on the following {+qe+} topics: |
49 | | - |
50 | | -- To get started, see the :ref:`{+qe+} Quick Start <qe-quick-start>`. |
51 | | -- To learn how to use {+qe+}, see the :ref:`{+qe+} Fundamentals <qe-fundamentals>`. |
52 | | -- To learn how to integrate your implementation with a {+kms-long+}, see the :ref:`{+qe+} Tutorials <qe-tutorials>`. |
53 | | -- To learn {+qe+} concepts, see the :ref:`{+qe+} Reference <qe-reference>`. |
54 | | - |
55 | | -{+csfle-long+} |
56 | | -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
57 | | - |
58 | | -{+csfle-long+} was introduced in MongoDB version v4.2 and supports searching encrypted |
59 | | -fields for equality. {+csfle-short+} differs from {+qe+} in that it requires |
60 | | -that the encrypted fields you want to search must be deterministically encrypted. |
61 | | -When you deterministically encrypt a value, the same input value produces |
62 | | -the same output value. While deterministic encryption provides greater |
63 | | -support for read operations, encrypted data with low :wikipedia:`cardinality <Cardinality>` |
64 | | -is susceptible to recovery using :wikipedia:`frequency analysis <Frequency_analysis>`. |
65 | | - |
66 | | -The MongoDB manual contains detailed information on the following {+csfle-short+} topics: |
67 | | - |
68 | | -- To get started, see the :ref:`{+csfle-short+} Quick Start <csfle-quick-start>`. |
69 | | -- To learn how to use {+csfle-short+}, see the :ref:`{+csfle-short+} Fundamentals <csfle-fundamentals>`. |
70 | | -- To learn how to integrate your {+csfle-short+} implementation with a {+kms-long+}, see the :ref:`{+csfle-short+} Tutorials <csfle-tutorials>`. |
71 | | -- To learn {+csfle-short+} concepts, see the :ref:`{+csfle-short+} Reference <csfle-reference>`. |
| 3 | +.. sharedinclude:: dbx/encrypt-fields.rst |
0 commit comments