MongoDB finally decided to decrease the attack surface of their databases by adding field level encryption to MongoDB (FLE). The feature is part of the coming 4.2 release (

This will literally encrypt and decrypt individual fields on the client being used and not even allow database administrators to see the corresponding values without the key used by the client to store the data.

MongoDB is famous for its convenience for storing documents, but also very well known for exposing those documents often to all of the internet because it did not have security controls on top of the database.

Of course this will not set you free from having to set up additional controls to allow network access to the database to authorized people only, use storage level encryption if required and apply general good practice to your mongo instances.