Is Client-Side Field Level Encryption supported with Atlas?

I know this might be an interesting question but I along with others are having difficulty getting CSFLE working with Atlas, all of the guides show working examples with a locally hosted instance. Connection errors generally seam to originate while trying to perform the mongocryptd handshake. Before I put any more dev time into getting this to work I would like to confirm that is will work with Atlas…I had assumed it would however I can’t seam to show any guides that reference it. If anyone has a working connection config with Atlas it would sure save us some time.

Thanks,

David

https://docs.mongodb.com/manual/core/security-client-side-encryption/

“MongoError: Unable to connect to mongocryptd, please make sure it is running or in your PATH for auto-spawn”

1 Like

Hi @David_Stewart,

Yes, Client-Side Field Level Encryption is supported with MongoDB Atlas v4.2 clusters.

For Automatic Encryption methods, the official MongoDB 4.2-compatible drivers require access to the mongocryptd process on the application/client host machine. The 4.2-compatible drivers by default search for the mongocryptd process in the system PATH.

The error message indicates that you may not have mongocryptd installed and/or available in the application system PATH. See mongocryptd installation for more information. You may also find the Encryption Components diagram that illustrates the relationships between the components useful.

Also, please ensure that you’re using the official v4.2 compatible driver and versions. See Driver Compatibility Table for more information.

You can follow Client-Side Field Level Encryption Guide for an introduction on how to implement automatic CSFLE. The guide contains example and code snippets in Java, Node.JS and Python.

Regards,
Wan

1 Like

Wan,

Thanks for the clarification. Looks like we will need it install this process in our docker file. Do you know of a good example that for a Node deployment that we can reference where it will just install the process, not the entire mongoDB server library?

David

Hi David,

Per the mongocryptd installation guide that Wan mentioned, there is a mongodb-enterprise-cryptd package available for the same Linux systems supported for MongoDB Enterprise.

You can use the instructions to Install MongoDB Enterprise on Linux as a reference for steps to add to your Docker image with the Node deployment, but use the more specific mongodb-enterprise-cryptd package instead of mongodb-enterprise.

Regards,
Stennie

Thanks Stennie,

I will report back, thanks for the help everyone!

Hi @David_Stewart,

Please have a look at this Dockerfile example: github.com/sindbach/field-level-encryption-docker that only installs mongodb-enterprise-cryptd package.

Regards,
Wan.

2 Likes

Wan this is GREAT thanks for posting!

David

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.