MongoDB Field Level Encryption

ksericpro
6 min readDec 6, 2023

We are living in the age where vast amount of data including personal information are collected. Such data are often stored in modern database like couchDB, MongoDB and Elasticsearch. In order to be in line with PDPA guidelines, certain fields in the database need to be encrypted.

The architecture is as such:

Mongo FLE Architecture

Here are the characteristics:

  • Column are encrypted/decrypted using Data Key.
  • Data Key itself is encrypted/decrypted by Master Key.
  • Data Key is stored in Mongo collection.
  • Master Key is stored in KMS.
  • Schema is also stored in Mongo collection.

Let’s dive to see what happen when we read data from encrypted fields:

Read Data FLE Process

Similarly, let us see what happen when encrypted data are written:

--

--