Docs HomeMongoDB Manual

Automatic Encryption Shared Library for Queryable Encryption用于可查询加密的自动加密共享库

On this page本页内容

Queryable Encryption with equality queries is generally available (GA) in MongoDB 7.0 and later. 具有相等查询的可查询加密在MongoDB 7.0及更高版本中通常可用(GA)。The Queryable Encryption Public Preview, released in version 6.0, is no longer supported. Data encrypted using the Public Preview is incompatible with the feature release. 不再支持6.0版本中发布的“可查询加密预览”。使用公共预览加密的数据与功能版本不兼容。For more information, see Compatibility Changes in MongoDB 7.0.有关更多信息,请参阅MongoDB 7.0中的兼容性更改

Overview概述

The Automatic Encryption Shared Library is a dynamic library that enables your client application to perform automatic Queryable Encryption. 自动加密共享库是一个动态库,使您的客户端应用程序能够执行自动可查询加密。A dynamic library is a set of functionality accessed by an application at runtime rather than compile time. The Automatic Encryption Shared Library performs the following tasks:动态库是应用程序在运行时而不是编译时访问的一组功能。自动加密共享库执行以下任务:

  • Reads the encrypted fields map to determine which fields to encrypt or decrypt读取加密字段映射以确定要加密或解密的字段
  • Prevents your application from executing unsupported operations on encrypted fields阻止应用程序对加密字段执行不受支持的操作

The Automatic Encryption Shared Library does not do any of the following:自动加密共享库执行以下任何操作:

  • Perform data encryption or decryption执行数据加密或解密
  • Access the encryption key material访问加密键材料
  • Listen for data over the network通过网络监听数据
Important

Supported MongoDB Server Products支持的MongoDB服务器产品

Automatic Queryable Encryption is only available in the following MongoDB server products:自动可查询加密仅在以下MongoDB服务器产品中可用:

  • MongoDB Atlas 7.0 or later clustersMongoDB Atlas 7.0或更高版本的集群
  • MongoDB Enterprise 7.0 or laterMongoDB Enterprise 7.0或更高版本

Automatic Queryable Encryption is not available in any version of MongoDB Community Server.自动可查询加密在任何版本的MongoDB Community Server中都不可用。

The Automatic Encryption Shared Library is a preferred alternative to mongocryptd and does not require you to spawn another process to perform automatic encryption.自动加密共享库是mongocrypted的首选替代方案,不需要生成另一个进程来执行自动加密。

Tip

While we recommend using the Automatic Encryption Shared Library, mongocryptd is still supported.虽然我们建议使用自动加密共享库,但mongocrypted仍然受支持。

To learn more about mongocryptd, see Install and Configure mongocryptd for Queryable Encryption.要了解有关mongocryptd的更多信息,请参阅安装和配置mongocryptd以进行可查询加密

To learn more about automatic encryption, see Features.要了解有关自动加密的更多信息,请参阅功能

Download the Automatic Encryption Shared Library下载自动加密共享库

Download the Automatic Encryption Shared Library from the MongoDB Download Center by selecting the version and platform, then the library:MongoDB下载中心下载自动加密共享库,方法是选择版本和平台,然后选择库:

  1. In the Version dropdown, select 7.0.0 (current).
  2. In the Platform dropdown, select your platform.
  3. In the Package dropdown, select crypt_shared.
  4. Click Download.
Tip

To view an expanded list of available releases and packages, see MongoDB Enterprise Downloads.要查看可用版本和软件包的扩展列表,请参阅MongoDB企业下载

Configuration配置

You can configure how your driver searches for the Automatic Encryption Shared Library through the following parameters:您可以通过以下参数配置驱动程序搜索自动加密共享库的方式:

Name名称Description描述
cryptSharedLibPathSpecifies the absolute path to the Automatic Encryption Shared Library package,指定自动加密共享库包的绝对路径,
crypt_shared.
Default: undefined
cryptSharedLibRequiredSpecifies if the driver must use the Automatic Encryption Shared Library. 指定驱动程序是否必须使用自动加密共享库。If true, the driver raises an error if the Automatic Encryption Shared Library is unavailable.如果为true,则如果自动加密共享库不可用,则驱动程序将引发错误。
If false, the driver performs the following sequence of actions:如果为false,驱动程序将执行以下操作序列:
  1. Attempts to use the Automatic Encryption Shared Library.尝试使用自动加密共享库。
  2. If the Automatic Encryption Shared Library is unavailable, the driver attempts to spawn and connect to mongocryptd.如果自动加密共享库不可用,则驱动程序会尝试生成并连接到mongocrypted

Default: false

To view an example demonstrating how to configure these parameters, see the Quick Start.要查看演示如何配置这些参数的示例,请参阅快速入门