If a user creates a client-side schema on a Mongo client for a collection that doesn't exist and then performs an insert (thus implicitly creating the collection), the operation appears to succeed and encryption and queries will work correctly and securely, but compaction will fail if it is attempted. Furthermore, the lack of an index on the encrypted fields makes queries slower.

The issue is compounded because it's possible to implicitly create a single encrypted field on an insert into an existing encrypted collection if there is a new one added on the client schema. Product has recommended this technique to customers.

There are two approaches we could take to resolve this: (1) we could perform a proper create collection if we find an implicit creation attempt plus use our upcoming add encrypted field functionality to add to it in the case of creating new field(s) from a client-side schema addition, or (2) we could block implicit creation of collections and error on a schema mismatch.

There are also solutions between (1) and (2) or a world where we put (2) or some part of it in place while we scope (1).