Appendix

beta

Client-Side Field Level Encryption is available as a beta. The contents of this page may change during the beta period.

mongocryptd

Enterprise Feature

The automatic feature of field level encryption is only available in MongoDB 4.2 Enterprise and MongoDB Atlas 4.2 clusters.

mongocryptd is required for automatic field level encryption and is included as a component in the MongoDB Enterprise Server package. mongocryptd performs the following:

  • Parses the automatic encryption rules specified to the database connection. Automatic encryption rules use a strict subset of JSON schema syntax. If the automatic encryption rules contain invalid automatic encryption syntax or any document validation syntax, mongocryptd returns an error.
  • Uses the specified automatic encryption rules to mark fields in read and write operations for encryption.
  • Rejects read/write operations that may return unexpected or incorrect results when applied to an encrypted field. See Read/Write Support with Automatic Field Level Encryption for more information.

mongocryptd is only responsible for supporting automatic client-side field level encryption and does not perform encryption or decryption. MongoDB 4.2-compatible drivers use the Apache-licensed libmongocrypt library for performing client-side field level encryption and automatic decryption.

The official MongoDB 4.2-compatible drivers and the 4.2 mongo shell require access to the mongocryptd process on the client host machine. The 4.2-compatible drivers and 4.2 mongo shell by default search for the mongocryptd process in the system PATH. See Installation for more complete documentation on installing mongocryptd.

If the 4.2-compatible driver has access to the mongocryptd process, by default the driver manages the spawning of the mongocryptd process. The 4.2-compatible drivers may have additional options for specifying the path to or the spawning behavior of the mongocryptd process.

Installation

For supported Linux Operating Systems, follow the documented installation instructions and install the mongodb-enterprise server package. Alternatively, specify mongodb-enterprise-cryptd instead to install only the mongocryptd binary. The package manager installs the binaries to a location in the system PATH (e.g. /usr/bin/).

For OSX, install the Server package. The package manager installs binaries to a location in the system PATH.

For Windows, install the Server package. You must add the mongocryptd package to your system PATH after installation. Defer to documented best practices for your Windows installation for instructions on adding the mongocryptd binary to the system PATH.

For installations via an official tarball or ZIP archive, follow the documented best practices for your operating system to add the mongocryptd binary to your system PATH.
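
Because the driver by default spawns whichever mongocryptd a PATH search finds, it is worth confirming after installation which binary that is and who can change it. The following is an added example, not part of the MongoDB documentation or driver code: the function name audit_mongocryptd is hypothetical, the lookup uses Python's shutil.which as a stand-in for the driver's own PATH search (an assumption), and the permission test assumes POSIX mode bits (Linux or OSX).

```python
import os
import shutil
import stat

# Mode bits that let someone other than the owner modify a file or directory.
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def audit_mongocryptd(path_env=None, name="mongocryptd"):
    """Return (resolved_binary_or_None, findings) for a PATH lookup of `name`.

    path_env defaults to the current process's PATH, which is what a
    driver started from this environment would inherit.
    """
    search = os.environ.get("PATH", "") if path_env is None else path_env
    resolved = shutil.which(name, path=search)
    if resolved is None:
        return None, [f"{name} not found on PATH"]

    findings = []
    # os.stat follows symlinks, so this checks the file that would really run.
    if os.stat(resolved).st_mode & WRITABLE_BY_OTHERS:
        findings.append(f"{resolved} is writable by group or others")

    # Every PATH entry searched up to and including the hit decides which
    # binary wins, so each of those directories must be tightly owned too.
    hit_dir = os.path.dirname(os.path.abspath(resolved))
    for entry in search.split(os.pathsep):
        entry_abs = os.path.abspath(entry or ".")  # empty entry means cwd
        if os.path.isdir(entry_abs):
            if os.stat(entry_abs).st_mode & WRITABLE_BY_OTHERS:
                findings.append(
                    f"PATH entry {entry_abs} is writable by group or others"
                )
        if entry_abs == hit_dir:
            break
    return resolved, findings


if __name__ == "__main__":
    binary, issues = audit_mongocryptd()
    print("resolved:", binary)
    for issue in issues:
        print("finding:", issue)
```

Run it as the same user and with the same environment as the application that loads the driver, since PATH can differ between an interactive shell and a service.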