Unable understand how to install libmongocrypt

Question

I am trying to setup a mongo connection in NODE.js with autoEncrypt option and it of course tries to connect with the driver at port 27020. I don't have libmongocrypt service running so the connection generates the following error.

ECONNREFUSED 127.0.0.1:27020

I am trying to implement manual encryption with bypassAutoEncryption flag.

I am aware we have to use this library but it appears to be a C library and I am still clueless how I can setup libmongocrypt on my local environment.

OS: Windows 10 MONGO VERSION: 5.0

Any help would be appreciated! Thank you

Answer 1

I'm not familiar with Node itself, but these are common details about this workflow (writing it as answer since it's quite big):

1. libmongocrypt is a C library that is used by the driver, usually it's embedded in the driver (unless Node doesn't support it for some reason).
2. ECONNREFUSED 127.0.0.1:27020 this error says that a process required for encryption called mongocryptd is not launched, it's not the same as libmongocrypt library (it's completely different things), you can launch this process by:
   • Just manual launch. This file is placed in SERVER_PATH\bin\mongocryptd.exe. Use it only as quick check.
   • Filling autoEncryption.extraOptions.mongocryptdSpawnPath with the path to mongocryptd.exe, you can find some details here

it's worth mention that auto encryption (along with mongocryptd) is available only in enterprise server.

Answer 2

I also had the same problem. But my app runs in a Cloud Function (like AWS Lambda) and installing something is not possible.

Despite docs and forums said that Atlas support Auto Encrypt I couldn't make this work. So I tried Explicit Encryption that work's fine.

So you just need to specify bypassAutoEncryption attribute:

const secureClient = new MongoClient(connectionString, {
  useNewUrlParser: true,
  useUnifiedTopology: true,
  autoEncryption: {
    bypassAutoEncryption: true, // explicit encryption
    keyVaultNamespace,
    kmsProviders,
    // schemaMap: userSchema,
    // extraOptions,
  },
});

And encrypt data by yourself (what I find better - I have more control):

const randomEnc = {
  algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Random',
  // keyId: [new Binary(Buffer.from(dataKey, 'base64'), 4)], // I also couldn't make this work
  keyAltName: 'demo-data-key',
};

const writeResult = await secureClient
  .db(db)
  .collection(coll)
  .insertOne({
    name: 'Jon Doe',
    ssn: await encryption.encrypt(241014209, randomEnc),
    bloodType: await encryption.encrypt('AB+', randomEnc),
    'key-id': 'demo-data-key',
    medicalRecords: await encryption.encrypt([{ weight: 180, bloodPressure: '120/80' }], randomEnc),
    insurance: {
      policyNumber: await encryption.encrypt(123142, randomEnc),
      provider: 'MaestCare',
    },
  });

Decryption will be automatic, you don't need to do anything.