MongoDB provides two approaches to In-Use Encryption:MongoDB提供了两种使用中加密的方法:
Choosing an In-Use Encryption Approach选择使用中的加密方法
You can use both Queryable Encryption and Client-Side Field Level Encryption in the same deployment, but they are incompatible with each other in the same collection. 您可以在同一部署中同时使用可查询加密和客户端字段级加密,但它们在同一集合中彼此不兼容。For a comparison of the two, including compatibility with MongoDB versions and points to consider when choosing one or the other, see Choosing an In-Use Encryption Approach.有关两者的比较,包括与MongoDB版本的兼容性以及选择一种或另一种时需要考虑的要点,请参阅选择使用中的加密方法。
Encryption Keys and Key Vaults加密键和键库
Both Queryable Encryption and Client-Side Field Level Encryption use an envelope encryption approach to encrypt data, where an encrypted field in a document uses a unique Data Encryption Key, and those keys are encrypted using a Customer Master Key.可查询加密和客户端字段级加密都使用信封加密方法来加密数据,其中文档中的加密字段使用唯一的数据加密键,这些键使用客户主键进行加密。
For details, see Encryption Keys and Key Vaults.有关详细信息,请参阅加密键和键库。
Queryable Encryption可查询加密
To learn how Queryable Encryption and its components work and how to implement it in your application, see Queryable Encryption.要了解可查询加密及其组件的工作原理以及如何在应用程序中实现它,请参阅可查询加密。
Client-Side Field Level Encryption客户端字段级加密
To learn how Client-Side Field Level Encryption and its components work and how to implement it in your application, see Client-Side Field Level Encryption.要了解客户端字段级加密及其组件的工作原理以及如何在应用程序中实现它,请参阅客户端字段级密码。