In-Use Encryption#

In-Use Encryption consists of two features:


Using In-Use Encryption in the C driver requires the dependency libmongocrypt. See the MongoDB Manual for libmongocrypt installation instructions.

Once libmongocrypt is installed, configure the C driver with -DENABLE_CLIENT_SIDE_ENCRYPTION=ON to require In-Use Encryption be enabled.

$ cd mongo-c-driver
$ mkdir cmake-build && cd cmake-build
$ cmake --build . --target install


mongoc_client_encryption_t is used for explicit encryption and key management. mongoc_client_enable_auto_encryption() and mongoc_client_pool_enable_auto_encryption() is used to enable automatic encryption.

The Queryable Encryption and CSFLE features share much of the same API with some exceptions.

Query Analysis#

To support the automatic encryption feature, one of the following dependencies are required:

A mongoc_client_t or mongoc_client_pool_t configured with auto encryption will automatically try to load the crypt_shared library. If loading the crypt_shared library fails, the mongoc_client_t or mongoc_client_pool_t will try to spawn the mongocryptd process from the application’s PATH. To configure use of crypt_shared and mongocryptd see mongoc_auto_encryption_opts_set_extra().