Introduction介绍
Client-Side Field Level Encryption (CSFLE) is a feature that enables you to encrypt data in your application before you send it over the network to MongoDB. With CSFLE enabled, no MongoDB product has access to your data in an unencrypted form.客户端字段级加密(CSFLE)是一种功能,它使您能够在通过网络将数据发送到MongoDB之前对应用程序中的数据进行加密。启用CSFLE后,任何MongoDB产品都无法以未加密的形式访问数据。
You can set up CSFLE using the following mechanisms:您可以使用以下机制设置CSFLE:
Automatic Encryption: Enables you to perform encrypted read and write operations without having to add explicit calls to encrypt and decrypt fields.自动加密:使您能够执行加密的读写操作,而无需添加显式调用来加密和解密字段。Explicit Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver's encryption library. You must specify the logic for encryption with this library throughout your application.显式加密:使您能够通过MongoDB驱动程序的加密库执行加密的读写操作。您必须在整个应用程序中使用此库指定加密逻辑。
Considerations注意事项
When implementing an application that uses Client-Side Field Level Encryption, consider the points listed in Security Considerations.在实现使用客户端字段级加密的应用程序时,请考虑安全注意事项中列出的要点。
For limitations, see CSFLE limitations.有关限制,请参阅CSFLE限制。
Compatibility兼容性
To learn which MongoDB server products and drivers support CSFLE, see Client-Side Field Level Encryption Compatibility.要了解哪些MongoDB服务器产品和驱动程序支持CSFLE,请参阅客户端字段级加密兼容性。
Features功能
To learn about the security benefits of CSFLE for your applications, see the CSFLE Features page.要了解CSFLE对应用程序的安全优势,请参阅CSFLE功能页面。
Installation安装
To learn what you must install to use CSFLE, see the Installation Requirements page.要了解使用CSFLE必须安装什么,请参阅安装要求页面。
Quick Start快速开始
To start using CSFLE, see the CSFLE Quick Start.要开始使用CSFLE,请参阅CSFLE快速入门。
Throughout this guide, code examples use placeholder text. Before you run the examples, substitute your own values for these placeholders.在本指南中,代码示例使用占位符文本。在运行示例之前,用您自己的值替换这些占位符。
For example:例如:
dek_id := "<Your Base64 DEK ID>"You would replace everything between quotes with your DEK ID.您将用DEK ID替换引号之间的所有内容。
dek_id := "abc123"Fundamentals基础
To learn how CSFLE works and how to set it up, see the CSFLE Fundamentals section.要了解CSFLE的工作原理以及如何设置它,请参阅CSFLE基础部分。
The fundamentals section contains the following pages:基础部分包含以下页面:
Tutorials教程
To learn how to perform specific tasks with CSFLE, see the CSFLE Tutorials section.要了解如何使用CSFLE执行特定任务,请参阅CSFLE教程部分。
Reference参考
To learn about encryption key management, read Encryption Keys and Key Vaults.要了解加密键管理,请阅读加密键和键库。
For more information about developing your CSFLE-enabled applications, see the CSFLE Reference section, which contains the following pages:有关开发支持CSFLE的应用程序的更多信息,请参阅CSFLE参考部分,其中包含以下页面:
CSFLE Encryption SchemasCSFLE加密模式CSFLE Server-Side Schema EnforcementCSFLE服务器端架构实施Supported Operations for Automatic Encryption支持的自动加密操作MongoClient Options for CSFLECSFLE的MongoClient选项CSFLE Encryption ComponentsCSFLE加密组件How CSFLE Decrypts DocumentsCSFLE如何解密文档Cryptographic Primitives密码学原语Install and Configure a CSFLE Query Analysis Component安装并配置CSFLE查询分析组件Install libmongocrypt for CSFLE为CSFLE安装libmongocrypt