diff --git a/source/compatibility.txt b/source/compatibility.txt index ec543b32..afdbd328 100644 --- a/source/compatibility.txt +++ b/source/compatibility.txt @@ -25,11 +25,18 @@ of the {+driver-long+} for use with a specific version of MongoDB. The first column lists the driver version. -.. sharedinclude:: dbx/lifecycle-schedule-callout.rst +.. include:: /includes/include-fixes/lifecycle-schedule-callout.rst -.. sharedinclude:: dbx/compatibility-table-legend.rst +.. include:: /includes/include-fixes/compatibility-table-legend.rst + +.. include:: /includes/mongodb-compatibility-table-csharp.rst + +.. .. sharedinclude:: dbx/lifecycle-schedule-callout.rst + +.. .. sharedinclude:: dbx/compatibility-table-legend.rst + +.. .. sharedinclude:: dbx/mongodb-compatibility-table-csharp.rst -.. sharedinclude:: dbx/mongodb-compatibility-table-csharp.rst Language Compatibility ---------------------- @@ -39,7 +46,9 @@ The following compatibility table specifies the recommended version of the The first column lists the driver version. -.. sharedinclude:: dbx/language-compatibility-table-csharp.rst +.. include:: /includes/language-compatibility-table-csharp.rst + +.. .. sharedinclude:: dbx/language-compatibility-table-csharp.rst For more information on how to read the compatibility tables, see our guide on :ref:`MongoDB Compatibility Tables. ` diff --git a/source/fundamentals/encrypt-fields.txt b/source/fundamentals/encrypt-fields.txt index f519dca0..2d31bfb2 100644 --- a/source/fundamentals/encrypt-fields.txt +++ b/source/fundamentals/encrypt-fields.txt @@ -1,5 +1,7 @@ .. _csharp-fle: -.. sharedinclude:: dbx/encrypt-fields.rst +.. include:: /includes/include-fixes/encrypt-fields.rst - .. replacement:: driver-specific-content +.. .. sharedinclude:: dbx/encrypt-fields.rst + +.. .. replacement:: driver-specific-content diff --git a/source/includes/include-fixes/compatibility-table-legend.rst b/source/includes/include-fixes/compatibility-table-legend.rst new file mode 100644 index 00000000..074b63ae --- /dev/null +++ b/source/includes/include-fixes/compatibility-table-legend.rst @@ -0,0 +1,18 @@ +Compatibility Table Legend +++++++++++++++++++++++++++ + +.. list-table:: + :header-rows: 1 + :stub-columns: 1 + :class: compatibility + + * - Icon + - Explanation + + * - ✓ + - All features are supported. + * - ⊛ + - The Driver version will work with the MongoDB version, but not all + new MongoDB features are supported. + * - No mark + - The Driver version is not tested with the MongoDB version. \ No newline at end of file diff --git a/source/includes/include-fixes/encrypt-fields.rst b/source/includes/include-fixes/encrypt-fields.rst new file mode 100644 index 00000000..0605b46b --- /dev/null +++ b/source/includes/include-fixes/encrypt-fields.rst @@ -0,0 +1,90 @@ +================= +In-Use Encryption +================= + +.. contents:: On this page + :local: + :backlinks: none + :depth: 2 + :class: singlecol + +Overview +-------- + +You can use the {+driver-short+} to encrypt specific document fields by using a +set of features called **in-use encryption**. In-use encryption allows +your application to encrypt data *before* sending it to MongoDB +and query documents with encrypted fields. + +In-use encryption prevents unauthorized users from viewing plaintext +data as it is sent to MongoDB or while it is in an encrypted database. To +enable in-use encryption in an application and authorize it to decrypt +data, you must create encryption keys that only your application can +access. Only applications that have access to your encryption +keys can access the decrypted, plaintext data. If an attacker gains +access to the database, they can only see the encrypted ciphertext data +because they lack access to the encryption keys. + +You might use in-use encryption to encrypt fields in your MongoDB +documents that contain the following types of sensitive data: + +- Credit card numbers +- Addresses +- Health information +- Financial information +- Any other sensitive or personally identifiable information (PII) + +MongoDB offers the following features to enable in-use encryption: + +- :ref:`Queryable Encryption ` +- :ref:`Client-side Field Level Encryption ` + +.. _subsection-qe: + +Queryable Encryption +~~~~~~~~~~~~~~~~~~~~ + +Queryable Encryption is the next-generation in-use encryption feature, +first introduced as a preview feature in MongoDB Server version 6.0 and +as a generally available (GA) feature in MongoDB 7.0. Queryable +Encryption supports searching encrypted fields for equality and encrypts +each value uniquely. + +.. important:: Preview Feature Incompatible with MongoDB 7.0 + + The implementation of Queryable Encryption in MongoDB 6.0 is incompatible with the GA version introduced in MongoDB 7.0. The Queryable Encryption preview feature is no longer supported. + +To learn more about Queryable Encryption, see :manual:`Queryable +Encryption ` in the Server manual. + +.. _subsection-csfle: + +Client-side Field Level Encryption +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Client-side Field Level Encryption (CSFLE) was introduced in MongoDB +Server version 4.2 and supports searching encrypted fields for equality. +CSFLE differs from Queryable Encryption in that you can select either a +deterministic or random encryption algorithm to encrypt fields. You can only +query encrypted fields that use a deterministic encryption algorithm when +using CSFLE. When you use a random encryption algorithm to encrypt +fields in CSFLE, they can be decrypted, but you cannot perform equality +queries on those fields. When you use Queryable Encryption, you cannot +specify the encryption algorithm, but you can query all encrypted +fields. + +When you deterministically encrypt a value, the same input value +produces the same output value. While deterministic encryption allows +you to perform queries on those encrypted fields, encrypted data with +low cardinality is susceptible to code breaking by frequency analysis. + +.. tip:: + + To learn more about these concepts, see the following Wikipedia + entries: + + - :wikipedia:`Cardinality ` + - :wikipedia:`Frequency Analysis ` + +To learn more about CSFLE, see :manual:`CSFLE ` in the +Server manual. diff --git a/source/includes/include-fixes/lifecycle-schedule-callout.rst b/source/includes/include-fixes/lifecycle-schedule-callout.rst new file mode 100644 index 00000000..ae9fb68c --- /dev/null +++ b/source/includes/include-fixes/lifecycle-schedule-callout.rst @@ -0,0 +1,6 @@ +.. important:: + + MongoDB ensures compatibility between the MongoDB Server and the drivers + for three years after the server version's end of life (EOL) date. To learn + more about the MongoDB release and EOL dates, see + `MongoDB Software Lifecycle Schedules `__.