Queryable Encryption
Introduction
Queryable Encryption gives you the ability to perform the following tasks:
- Encrypt sensitive data fields from the client-side.
- Store sensitive data fields as fully randomized encrypted data on the database server-side.
- Run expressive queries on the encrypted data.
These tasks are all completed without the server having knowledge of the data it's processing.
Sensitive data is encrypted throughout its lifecycle - in-transit, at-rest, in-use, in logs, and backups - and only ever decrypted on the client-side, since only you have access to the encryption keys.
Queryable Encryption introduces an industry-first fast, searchable encryption scheme developed by the pioneers in encrypted search. The feature supports equality searches, with additional query types such as range, prefix, suffix, and substring planned for future releases.
You can set up Queryable Encryption using the following mechanisms:
- Automatic Encryption: Enables you to perform encrypted read and write operations without you having to write code to specify how to encrypt fields.
- Explicit Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver's encryption library. You must specify the logic for encryption with this library throughout your application.
Considerations
Compatibility
The following table shows which MongoDB server products support which Queryable Encryption mechanisms:
Product Name | Supports Automatic Encryption | Supports Explicit Encryption |
MongoDB Atlas | Yes | Yes |
MongoDB Enterprise Advanced | Yes | Yes |
MongoDB Community Edition | No | Yes |
To learn which MongoDB drivers support Queryable Encryption, see Queryable Encryption Compatibility.
MongoDB Support Limitations
Enabling Queryable Encryption on a collection redacts fields from some diagnostic commands and omits some operations from the query log. This limits the data available to MongoDB support engineers, especially when analyzing query performance. To measure the impact of operations against encrypted collections, use a third-party application performance monitoring tool to collect metrics.
For details, see Redaction.
Features
To learn about the security benefits of Queryable Encryption for your applications, see the Features page.
Install
To learn what you must install to use Queryable Encryption, see the Installation Requirements page.
Quick Start
To start using Queryable Encryption, see the Quick Start.
Fundamentals
To learn how Queryable Encryption works and how to set it up, see the Fundamentals section.
The fundamentals section contains the following pages:
Tutorials
To learn how to perform specific tasks with Queryable Encryption, see the Tutorials section.
Reference
To view information to help you develop your Queryable Encryption enabled applications, see the Reference section.
The reference section contains the following pages:
- Queryable Encryption Compatibility
- Limitations
- Supported Operations for Queryable Encryption
- MongoClient Options for Queryable Encryption
- Automatic Encryption Shared Library for Queryable Encryption
- Install libmongocrypt
- Install and Configure mongocryptd for Queryable Encryption