
Queryable Encryption

Queryable Encryption equality and range queries are fully supported in production. Prefix, suffix, and substring queries are only available in public preview in MongoDB 8.2. Do not enable these query types in production. GA functionality of prefix, suffix and substring query types will be incompatible with the preview feature.

Introduction

Queryable Encryption gives you the ability to perform the following tasks:

  • Encrypt sensitive data fields on the client side.
  • Store sensitive data fields as fully randomized encrypted data on the database server side.
  • Run expressive queries on the encrypted data.

These tasks are all completed without the server having knowledge of the data it's processing.

Sensitive data is encrypted throughout its lifecycle - in transit, at rest, in use, in logs, and in backups - and only ever decrypted on the client side, since only you have access to the encryption keys.

Queryable Encryption introduces an industry-first fast, searchable encryption scheme developed by the pioneers in encrypted search. The feature supports equality and range searches, with additional query types such as prefix, suffix, and substring planned for future releases.

You can set up Queryable Encryption using the following mechanisms:

  • Automatic Encryption: Enables you to perform encrypted read and write operations without having to add explicit calls to encrypt and decrypt fields.
  • Explicit Encryption: Enables you to perform encrypted read and write operations through your MongoDB driver's encryption library. You must specify the logic for encryption with this library throughout your application.

Considerations

When implementing an application that uses Queryable Encryption, consider the points listed in Security Considerations.

For other limitations, see Queryable Encryption limitations.

Compatibility

To learn which MongoDB server products and drivers support Queryable Encryption, see Queryable Encryption Compatibility.

MongoDB Support Limitations

Enabling Queryable Encryption on a collection redacts fields from some diagnostic commands and omits some operations from the query log. This limits the data available to MongoDB support engineers, especially when analyzing query performance. To measure the impact of operations against encrypted collections, use a third-party application performance monitoring tool to collect metrics.

For details, see Redaction.

Features

To learn about the security benefits of Queryable Encryption for your applications, see the Queryable Encryption Features page.

Installation

To learn what you must install to use Queryable Encryption, see the Install a Queryable Encryption Compatible Driver and Install and Configure a Query Analysis Component pages.

Quick Start

To start using Queryable Encryption, see the Queryable Encryption Quick Start.

Fundamentals

To learn about encryption key management, see Encryption Keys and Key Vaults.

To learn how Queryable Encryption works, see the Queryable Encryption Fundamentals section, which contains the following pages:

Tutorials

To learn how to perform specific tasks with Queryable Encryption, see the Queryable Encryption Tutorials section.

Reference

To view information that helps you develop your Queryable Encryption enabled applications, see the Queryable Encryption Reference section.

The reference section contains the following pages: