• Security >
• Encryption >
• In-Use Encryption >
• Introduction >
• Reference >
• Encryption Components

Encryption Components

Diagram

The following diagram illustrates the relationships between a MongoDB driver or mongosh and each component of ():

Components

The following sections discuss the individual components of the preceding diagram.

libmongocrypt

libmongocrypt is the Apache-licensed open-source core cryptography library used by the official MongoDB 4.2+ compatible drivers and mongosh to power . Some drivers may require specific integration steps to install or link the library.

To view steps for installing libmongocrypt, see the libmongocrypt reference page.

mongocryptd

mongocryptd supports automatic encryption and is only available with MongoDB Enterprise. mongocryptd does not perform cryptographic functions.

To learn more about mongocryptd, see Install and Configure mongocryptd.

---

The is a standard MongoDB collection that stores all s used to encrypt application data. s are themselves encrypted using a () prior to storage in the . You can host your on a different MongoDB cluster than the cluster storing your encrypted application data.

To learn more about the , see Keys and Key Vaults.

---

The () stores the

() used to encrypt s.

To view a list of all providers MongoDB supports, see KMS Providers.

MongoDB Cluster

The MongoDB cluster which stores the encrypted data may also enforce . For more information on server-side schema enforcement, see Server-Side Schema Enforcement.

←   KMS Providers How CSFLE Decrypts Documents  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.