Protect Sensitive Data with Queryable Encryption

MongoDB's client-side field-level encryption keeps your data encrypted at rest, in transit, in memory, and in logs — while still allowing you to query it. Zero trust, zero compromise.

View Demo Search Encrypted Data

Three Encryption Modes

Choose the right encryption strategy for each field based on your query requirements

Equality

Exact Match Queries

Search for exact values like SSN, name, or ID. Supports $eq, $ne, and $in operators while keeping data fully encrypted.

                        // Find by SSN

                        { ssn: "123-45-6789" }

Range

Range Queries

Query encrypted numeric and date fields with comparison operators. Find patients born between dates or salaries within a range.

                        // Born 1960-1980

                        { dob: { $gte: "1960", $lte: "1980" } }

Random

Maximum Security

For highly sensitive fields that don't need querying. Each encryption produces unique ciphertext, preventing pattern analysis.

                        // Protected fields

                        email, diagnosis, medications

How It Works

Client-side encryption means your data is encrypted before it ever leaves your application

1. Key Generation

Data Encryption Keys (DEKs) are generated per-field and stored encrypted in MongoDB

2. Client Encryption

The MongoDB driver encrypts fields locally using the crypt_shared library

3. Encrypted Storage

Data arrives at MongoDB already encrypted — the server never sees plaintext

4. Queryable

Special indexes allow queries on encrypted data without decryption on the server

Healthcare Demo

HIPAA-Ready Patient Records

This demo showcases a healthcare use case where patient records contain highly sensitive data that must be protected under HIPAA regulations.

SSN & Names — Equality-encrypted for exact lookups
Date of Birth — Range-encrypted for age queries
Diagnosis & Meds — Random-encrypted for max protection
Zero server access — Data encrypted client-side

Try Encrypted Search

Raw MongoDB Document Encrypted

{
  "_id": "507f1f77bcf86cd799439011",
  "firstName": "BinData(6, 'Axk2...')",
  "lastName": "BinData(6, 'Byt7...')",
  "ssn": "BinData(6, 'Czm9...')",
  "dateOfBirth": "BinData(6, 'Dpq4...')",
  "diagnosis": "BinData(6, 'Ewk1...')",
  "__safeContent__": [ ... ]
}

Ready to Explore?

See queryable encryption in action with real patient data

View Patients Search Add Patient