
CSFLE Encryption Components

MongoDB's Queryable Encryption feature is available (GA) in MongoDB 7.0 and later. To learn more about Queryable Encryption and compare its benefits with Client-Side Field Level Encryption, see Queryable Encryption.

Diagram

The following diagram illustrates the relationships between a MongoDB driver or mongosh and each component of Client-Side Field Level Encryption (CSFLE):

Diagram of relationships between driver and encryption components

Components

The following sections discuss the individual components of the preceding diagram.

libmongocrypt

libmongocrypt is the Apache-licensed open-source core cryptography library used by the official MongoDB 4.2+ compatible drivers and mongosh to power Client-Side Field Level Encryption. Some drivers may require specific integration steps to install or link the library.

To view steps for installing libmongocrypt, see the libmongocrypt reference page.

mongocryptd

mongocryptd supports automatic encryption and is only available with MongoDB Enterprise. mongocryptd does not perform cryptographic functions.

To learn more about mongocryptd, see Install and Configure mongocryptd for CSFLE.

Key Vault collection

The Key Vault collection is a standard MongoDB collection that stores all Data Encryption Keys used to encrypt application data. Data Encryption Keys are themselves encrypted using a Customer Master Key (CMK) prior to storage in the Key Vault collection. You can host your Key Vault collection on a different MongoDB cluster than the cluster storing your encrypted application data.

To learn more about the Key Vault collection, see Keys and Key Vaults.

Key Management System

The Key Management System (KMS) stores the Customer Master Key (CMK) used to encrypt Data Encryption Keys.

To view a list of all KMS providers MongoDB supports, see CSFLE KMS Providers.
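The two preceding sections describe an envelope-encryption split: the KMS holds the Customer Master Key and only ever wraps or unwraps Data Encryption Keys, the Key Vault collection stores DEKs in wrapped form, and the client (via libmongocrypt) does the field encryption. The following added example, which is not code from the MongoDB documentation or from libmongocrypt, models that split in plain Python so the responsibilities are visible. It assumes a stand-in `LocalKMS` class and an in-memory dict standing in for the Key Vault collection; the stored document fields (`_id`, `keyMaterial`, `creationDate`, `updateDate`, `status`, `masterKey`, `keyAltNames`) follow the shape of real key vault documents, but the cipher is a constructed HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, used only so the example runs on the standard library; it is not the AES-based scheme libmongocrypt uses, and the 32-byte DEK length is likewise a simplification.

```python
import hashlib
import hmac
import secrets
import uuid
from datetime import datetime, timezone


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF stream; stand-in for a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or altered blob raises."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or altered data")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


class LocalKMS:
    """Stand-in KMS provider (hypothetical): keeps the CMK and exposes only wrap/unwrap."""

    def __init__(self, cmk: bytes):
        self._cmk = cmk  # the CMK never leaves this object

    def wrap(self, dek: bytes) -> bytes:
        return seal(self._cmk, dek)

    def unwrap(self, wrapped: bytes) -> bytes:
        return unseal(self._cmk, wrapped)


def create_data_key(vault: dict, kms: LocalKMS, alt_name: str) -> bytes:
    """Generate a DEK, wrap it with the CMK, and store only the wrapped form."""
    dek = secrets.token_bytes(32)  # simplified length; libmongocrypt DEKs are longer
    key_id = uuid.uuid4().bytes
    now = datetime.now(timezone.utc)
    vault[key_id] = {
        "_id": key_id,
        "keyMaterial": kms.wrap(dek),       # CMK-encrypted DEK, never plaintext
        "creationDate": now,
        "updateDate": now,
        "status": 0,
        "masterKey": {"provider": "local"}, # which KMS provider wrapped this key
        "keyAltNames": [alt_name],
    }
    return key_id


def encrypt_field(vault: dict, kms: LocalKMS, key_id: bytes, value: bytes) -> bytes:
    """Client side: unwrap the DEK through the KMS, then encrypt one field value."""
    dek = kms.unwrap(vault[key_id]["keyMaterial"])
    return key_id + seal(dek, value)  # key id travels with the ciphertext


def decrypt_field(vault: dict, kms: LocalKMS, ciphertext: bytes) -> bytes:
    key_id, blob = ciphertext[:16], ciphertext[16:]
    dek = kms.unwrap(vault[key_id]["keyMaterial"])
    return unseal(dek, blob)


def vault_exposes_plaintext_dek(vault: dict, kms: LocalKMS) -> bool:
    """Check: the stored keyMaterial must not contain the unwrapped DEK bytes."""
    return any(kms.unwrap(d["keyMaterial"]) in d["keyMaterial"] for d in vault.values())


def demo() -> dict:
    """Run the full flow once and report the properties a reviewer would check."""
    kms, vault = LocalKMS(secrets.token_bytes(32)), {}
    key_id = create_data_key(vault, kms, "ssn-key")
    ciphertext = encrypt_field(vault, kms, key_id, b"123-45-6789")  # constructed sample
    tampered = ciphertext[:-1] + bytes([ciphertext[-1] ^ 1])
    results = {
        "plaintext": decrypt_field(vault, kms, ciphertext),
        "key_id_prefix_ok": ciphertext[:16] == key_id,
        "vault_leaks_dek": vault_exposes_plaintext_dek(vault, kms),
        "vault_doc_fields": sorted(vault[key_id]),
    }
    for label, k, blob in (("tamper_detected", kms, tampered),
                           ("wrong_cmk_rejected", LocalKMS(secrets.token_bytes(32)), ciphertext)):
        try:
            decrypt_field(vault, k, blob)
            results[label] = False
        except ValueError:
            results[label] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point to take from the flow is where each secret lives: the CMK stays inside the KMS object, the vault document holds only `keyMaterial` that the CMK produced, and a client with the wrong CMK cannot recover a DEK even with full read access to the vault, which is why hosting the Key Vault collection on a separate cluster from the application data is a deployment choice rather than a security boundary on its own.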

MongoDB Cluster

The MongoDB cluster which stores the encrypted data may also enforce Client-Side Field Level Encryption. For more information on server-side schema enforcement, see CSFLE Server-Side Schema Enforcement.