Blog Post

MongoDB Client-Side Field Level Encryption and Azure Key Vault

This sample application demonstrates how to integrate Azure Key Vault with MongoDB's Client Side Field Level Encryption in a .NET Core application.

MongoDB Dependencies

A MongoDB Atlas cluster running MongoDB 4.2 (or later) OR MongoDB 4.2 Enterprise Server (or later). Required for automatic encryption.
MongoDB .NET Driver 2.13.0 (or later)
Mongocryptd

Azure Dependencies

An Azure Account with an active subscription and the same permissions as those found in any of these Azure AD roles (only one is needed):
An Azure AD tenant (you can use an existing one, assuming you have appropriate permissions)
Azure CLI

Clone this repository:
```
  git clone https://github.com/adriennetacke/mongodb-csfle-csharp-demo-azure.git
```
💡 If you decide to share this repo at all, immediately add the launchSettings.json file to your .gitignore file so that you don't inadvertently expose your variables to the world! Well, why is there a launchSettings.json file in your repo, Adrienne? I've deliberately left this file in to make development/learning a bit easier for you. :)
Navigate to the cloned repo's directory and open the application in Visual Studio:
```
  cd mongodb-csfle-csharp-demo-azure
  EnvoyMedSys.sln
```
Go to Properties > launchSettings.json and update all of the placeholder variables:
- MDB_ATLAS_URI: The connection string to your MongoDB Atlas cluster. This enables the storage of our data encryption key, encrypted by Azure Key Vault. Be sure to update the <USERNAME>, <PASSWORD>, and <CLUSTER_NAME> portions of the URI with your own credentials!
- AZURE_TENANT_ID: Identifies the organization of the Azure account.
- AZURE_CLIENT_ID: Identifies the clientId to authenticate your registered application.
- AZURE_CLIENT_SECRET: Used to authenticate your registered application.
- AZURE_KEY_NAME: Name of the Customer Master Key stored in Azure Key Vault.
- AZURE_KEYVAULT_ENDPOINT: URL of the Key Vault. e.g. yourVaultName.vault.azure.net