You are viewing an offline version of MongoDB documentation. Some page features might be unavailable. To view the latest version of the page or use interactive features, visit the live page.

Client-Side Field Level Encryption

Reference

CSFLE Compatibility

MongoDB's Queryable Encryption feature is available (GA) in MongoDB 7.0 and later. To learn more about Queryable Encryption and compare its benefits with Client-Side Field Level Encryption, see Queryable Encryption.

This page describes the MongoDB and driver versions with which Client-Side Field Level Encryption is compatible.

MongoDB Edition and Version Compatibility

Automatic encryption with Client-Side Field Level Encryption is only available with MongoDB Enterprise Edition, version 4.2 or later.

Explicit encryption with Client-Side Field Level Encryption is available with MongoDB Community and Enterprise Edition, version 4.2 or later.

Driver Compatibility Table

Client-Side Field Level Encryption is only available the following official compatible driver versions or later:

Driver	Supported Versions	Quickstarts / Tutorials
Node	`3.4.0+`	Node.js Quickstart Client-Side Field Level Encryption Guide
Java (Synchronous)	`3.11.0+`	Java Driver Quickstart Java Async Driver Quickstart Client-Side Field Level Encryption Guide
Java Reactive Streams	`1.12.0+`	Java RS Documentation
Python (PyMongo)	`3.10.0+`	Python Driver Quickstart Client-Side Field Level Encryption Guide
C#/.NET	`2.10.0+`	.NET Driver Quickstart If you are using driver version C#/.NET 3.0 or later, perform the following steps: Install the MongoDB.Driver.Encryption package from NuGet. If your application runs on Linux, install libmongocrypt manually. Then, set the `LIBMONGOCRYPT_PATH` environment variable to the absolute path to the `libmongocrypt` file.
C++	`3.6.0`	C++ Driver Client-Side Field Level Encryption
C	`1.17.5`	C Driver Client-Side Field Level Encryption
Go	`1.2+`	Go Driver Quickstart
Scala	`2.7.0+`	Scala Documentation
PHP	`1.6.0+`	PHP Driver Quickstart
Ruby	`2.12.1+`	Ruby Driver Quickstart

Important

Key Rotation Support

To use the key rotation API of CSFLE, such as the rewrapManyDateKey method, you must use specific versions of either your driver's binding package or libmongocrypt.

The following list details each driver's key rotation API dependencies:

If you're using version 6.0 or later of the Node.js driver, you must also use version 6.0 or later of the mongodb-client-encryption package. Otherwise, use mongodb-client-encryption version 2.2.0 or later.
Java Driver: Use mongodb-crypt version 1.7.3 or later.
pymongo: Use pymongocrypt version 1.3.1 or later.
Go Driver: Use libmongocrypt version 1.5.2 or later.
C#/.NET Driver: Use the MongoDB C#/.NET Driver version 2.17.1 or later.

Please refer to the driver reference documentation for syntax and implementation examples.

Back

Reference

CSFLE Limitations