Docs Menu
Docs Home
/
MongoDB Manual
/ / /

Compatibility

On this page

  • Queryable Encryption Compatibility
  • Queryable Encryption Driver Compatibility
  • MongoDB Support Limitations
  • Client-Side Field Level Encryption Compatibility
  • Client-Side Field Level Encryption Driver Compatibility

This page describes the MongoDB editions and driver versions compatible with Queryable Encryption and Client-Side Field Level Encryption to help you determine whether your deployment supports each in-use encryption feature.

You can use Queryable Encryption on a MongoDB 7.0 or later replica set or sharded cluster, but not a standalone instance. The following table shows which MongoDB server products support which Queryable Encryption mechanisms:

Product Name
Minimum Version
Supports Queryable Encryption with Automatic Encryption
Supports Queryable Encryption with Explicit Encryption
MongoDB Atlas [1]
7.0
Yes
Yes
MongoDB Enterprise Advanced
7.0
Yes
Yes
MongoDB Community Edition
7.0
No
Yes
[1] Queryable Encryption is compatible with MongoDB Atlas but not MongoDB Atlas Search.

Queryable Encryption requires the following minimum versions for compatible MongoDB drivers:

Driver
Minimum Version
Encryption Library
1.24.0
libmongocrypt version 1.8.0 or later.
3.8.0
libmongocrypt version 1.8.0 or later.
2.20.0

No additional dependency for C#/.NET versions earlier than 3.0.

C#/.NET version 3.0 or later requires the MongoDB.Driver.Encryption package.

1.12
libmongocrypt version 1.8.0 or later.
4.10.0
5.5.0

mongodb-client-encryption version 2.8.0 or later.

Node 6.0.0 or later requires mongodb-client-encryption with the same major version number as the Node.js driver. For example, Node.js driver v6.x.x requires mongodb-client-encryption v6.x.x.

1.16
No additional dependency.
4.4
pymongocrypt version 1.6 or later.
2.19
libmongocrypt-helper version 1.8.0 or later.
2.4.0
libmongocrypt version 1.8.0 or later.
4.10.0
mongodb-crypt version 1.8.0 or later

Enabling Queryable Encryption on a collection redacts fields from some diagnostic commands and omits some operations from the query log. This limits the data available to MongoDB support engineers, especially when analyzing query performance. To measure the impact of operations against encrypted collections, use a third party application performance monitoring tool to collect metrics.

You can use Client-Side Field Level Encryption (CSFLE) replica set or sharded cluster, but not a standalone instance. The following table shows which MongoDB server products support which Client-Side Field Level Encryption mechanisms:

Product Name
Minimum Version
Supports CSFLE with Automatic Encryption
Supports CSFLE with Explicit Encryption
MongoDB Atlas
Yes
Yes
MongoDB Enterprise Advanced
4.2
Yes
Yes
MongoDB Community Edition
4.2
No
Yes

Client-Side Field Level Encryption requires the following minimum versions for compatible MongoDB drivers.

Important

Key Rotation Support

To use the Key Rotation API, you must use specific versions of either your driver's binding package or libmongocrypt.

Driver
Minimum Version
Key Rotation Requirements
1.17.5
No additional requirements.
3.6.0
No additional requirements.
2.10.0

Driver version 2.17.1 or later.

C#/.NET version 3.0 or later requires the MongoDB.Driver.Encryption package.

1.2
libmongocrypt version 1.5.2 or later.
3.11.0
mongodb-crypt version 1.7.3 or later.
1.12.0
mongodb-crypt version 1.7.3 or later.
3.4.0
For driver version 6.0 or later, use the same mongodb-client-encryption major version as the driver. Otherwise, use mongodb-client-encryption 2.2.0 - 2.x.
1.6.0
No additional requirements.
3.10.0
pymongocrypt version 1.3.1 or later.
2.12.1
No additional requirements.
2.4.0
libmongocrypt version 1.8.0 or later.
2.7.0
No additional requirements.

Back

CSFLE Limitations