MongoClient Options for Queryable Encryption
On this page
Queryable Encryption with equality queries is generally available (GA) in MongoDB 7.0. If you are starting out with Queryable Encryption, upgrade MongoDB to version 7.0 with compatible drivers. Data encrypted using the QE Public Preview is incompatible with the GA. For more information, see the MongoDB 7.0 compatibility notes.
Overview
View information about the Queryable Encryption specific configuration options for MongoClient instances.
AutoEncryptionOpts
Pass an AutoEncryptionOpts object to your MongoClient instance to specify Queryable Encryption specific options.
The following table describes the structure of an AutoEncryptionOpts object:
| Parameter | Type | Required | Description |
|---|---|---|---|
keyVaultClient | MongoClient | No | A MongoClient instance configured to connect to the MongoDB instance hosting your Key Vault collection.If you omit the keyVaultClient option, the MongoDB instance specified to your MongoClient instance containing the AutoEncryptionOpts configuration is used as the host of your Key Vault collection.To learn more about Key Vault collections, see Key Vault Collections. |
keyVaultNamespace | String | Yes | The full namespace of the Key Vault collection. |
kmsProviders | Object | Yes | The Key Management System (KMS) used by Queryable Encryption for managing your Customer Master Keys (CMKs). To learn more about kmsProviders objects, see KMS Providers.To learn more about Customer Master Keys, see Keys and Key Vaults. |
encryptedFieldsMap | Object | No | An encryption schema. To learn how to construct an encryption schema, see Field Encryption and Queryability. |
bypassQueryAnalysis | Boolean | No | Disables automatic analysis of outgoing commands. Set bypassQueryAnalysis to true to use explicit encryption on indexed fields without the crypt_shared library. Defaults to false if not specified. |
Example
To view a code-snippet demonstrating how to use AutoEncryptionOpts to configure your MongoClient instance, select the tab corresponding to your driver:
To learn about additional options for configuring Automatic Encryption Shared Library, see Configuration.