Compatibility
On this page
This page describes the MongoDB editions and driver versions compatible with Queryable Encryption and Client-Side Field Level Encryption to help you determine whether your deployment supports each in-use encryption feature.
Queryable Encryption Compatibility
You can use Queryable Encryption on a MongoDB 7.0 or later replica set or sharded cluster, but not a standalone instance. The following table shows which MongoDB server products support which Queryable Encryption mechanisms:
Product Name | Minimum Version | Supports Queryable Encryption with Automatic Encryption | Supports Queryable Encryption with Explicit Encryption |
---|---|---|---|
MongoDB Atlas [1] | 7.0 | Yes | Yes |
MongoDB Enterprise Advanced | 7.0 | Yes | Yes |
MongoDB Community Edition | 7.0 | No | Yes |
[1] | Queryable Encryption is compatible with MongoDB Atlas but not MongoDB Atlas Search. |
Queryable Encryption Driver Compatibility
Queryable Encryption requires the following minimum versions for compatible MongoDB drivers:
Driver | Minimum Version | Encryption Library |
---|---|---|
1.24.0 | libmongocrypt version 1.8.0 or later. | |
3.8.0 | libmongocrypt version 1.8.0 or later. | |
2.20.0 | No additional dependency for C#/.NET versions earlier than 3.0. C#/.NET version 3.0 or later requires the | |
1.12 | libmongocrypt version 1.8.0
or later. | |
4.10.0 | mongodb-crypt version 1.8.0 or later | |
5.5.0 | mongodb-client-encryption version 2.8.0 or later. Node 6.0.0 or later requires | |
1.16 | No additional dependency. | |
4.4 | pymongocrypt version
1.6 or later. | |
2.19 | libmongocrypt-helper version 1.8.0 or later. | |
2.4.0 | libmongocrypt version 1.8.0
or later. | |
4.10.0 | mongodb-crypt version 1.8.0 or later |
MongoDB Support Limitations
Enabling Queryable Encryption on a collection redacts fields from some diagnostic commands and omits some operations from the query log. This limits the data available to MongoDB support engineers, especially when analyzing query performance. To measure the impact of operations against encrypted collections, use a third party application performance monitoring tool to collect metrics.
Client-Side Field Level Encryption Compatibility
You can use Client-Side Field Level Encryption (CSFLE) replica set or sharded cluster, but not a standalone instance. The following table shows which MongoDB server products support which Client-Side Field Level Encryption mechanisms:
Product Name | Minimum Version | Supports CSFLE with Automatic Encryption | Supports CSFLE with Explicit Encryption |
---|---|---|---|
MongoDB Atlas | Yes | Yes | |
MongoDB Enterprise Advanced | 4.2 | Yes | Yes |
MongoDB Community Edition | 4.2 | No | Yes |
Client-Side Field Level Encryption Driver Compatibility
Client-Side Field Level Encryption requires the following minimum versions for compatible MongoDB drivers.
Important
Key Rotation Support
To use the Key Rotation API, you must use specific versions
of either your driver's binding package or libmongocrypt
.
Driver | Minimum Version | Key Rotation Requirements |
---|---|---|
1.17.5 | No additional requirements. | |
3.6.0 | No additional requirements. | |
2.10.0 | Driver version 2.17.1 or later. C#/.NET version 3.0 or later requires the | |
1.2 | libmongocrypt version 1.5.2 or later. | |
3.11.0 | mongodb-crypt version 1.7.3 or later. | |
1.12.0 | mongodb-crypt version 1.7.3 or later. | |
3.4.0 | For driver version 6.0 or later, use the same mongodb-client-encryption
major version as the driver.
Otherwise, use mongodb-client-encryption 2.2.0 - 2.x. | |
1.6.0 | No additional requirements. | |
3.10.0 | pymongocrypt version 1.3.1 or later. | |
2.12.1 | No additional requirements. | |
2.4.0 | libmongocrypt version 1.8.0
or later. | |
2.7.0 | No additional requirements. |