(mongodb >=1.14.0)
MongoDB\Driver\ClientEncryption::__construct — Create a new ClientEncryption object
Constructs a new MongoDB\Driver\ClientEncryption object with the specified options.
options
Option | Type | Description |
---|---|---|
keyVaultClient | MongoDB\Driver\Manager | The Manager used to route data key queries. This option is required (unlike with MongoDB\Driver\Manager::createClientEncryption()). |
keyVaultNamespace | string | A fully qualified namespace (e.g. "databaseName.collectionName" ) denoting the collection that contains all data keys used for encryption and decryption. This option is required. |
kmsProviders | array |
A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include
If an empty document is specified for
The format for aws: { accessKeyId: <string>, secretAccessKey: <string>, sessionToken: <optional string> }
The format for azure: { tenantId: <string>, clientId: <string>, clientSecret: <string>, identityPlatformEndpoint: <optional string> // Defaults to "login.microsoftonline.com" }
The format for gcp: { email: <string>, privateKey: <base64 string>|<MongoDB\BSON\Binary>, endpoint: <optional string> // Defaults to "oauth2.googleapis.com" }
The format for kmip: { endpoint: <string> }
The format for local: { // 96-byte master key used to encrypt/decrypt data keys key: <base64 string>|<MongoDB\BSON\Binary> } |
tlsOptions | array |
A document containing the TLS configuration for one or more KMS providers. Supported providers include <provider>: { tlsCaFile: <optional string>, tlsCertificateKeyFile: <optional string>, tlsCertificateKeyFilePassword: <optional string>, tlsDisableOCSPEndpointCheck: <optional bool> } |
Version | Description |
---|---|
PECL mongodb 1.16.0 |
The AWS KMS provider for client-side encryption now accepts a
Added
If an empty document is specified for the |
PECL mongodb 1.15.0 |
If an empty document is specified for the |