The MongoDB\Driver\ClientEncryption class

(mongodb >=1.7.0)

Introduction

The MongoDB\Driver\ClientEncryption class handles creation of data keys for client-side encryption, as well as manually encrypting and decrypting values.

Class synopsis

final class MongoDB\Driver\ClientEncryption {
/* Constants */
const string AEAD_AES_256_CBC_HMAC_SHA_512_DETERMINISTIC = AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic;
const string AEAD_AES_256_CBC_HMAC_SHA_512_RANDOM = AEAD_AES_256_CBC_HMAC_SHA_512-Random;
const string ALGORITHM_INDEXED = Indexed;
const string ALGORITHM_UNINDEXED = Unindexed;
const string QUERY_TYPE_EQUALITY = equality;
/* Methods */
final public addKeyAltName(MongoDB\BSON\Binary $keyId, string $keyAltName): ?object
final public __construct(array $options)
final public createDataKey(string $kmsProvider, ?array $options = null): MongoDB\BSON\Binary
final public decrypt(MongoDB\BSON\Binary $value): mixed
final public deleteKey(MongoDB\BSON\Binary $keyId): object
final public encrypt(mixed $value, ?array $options = null): MongoDB\BSON\Binary
final public getKey(MongoDB\BSON\Binary $keyId): ?object
final public getKeyByAltName(string $keyAltName): ?object
final public getKeys(): MongoDB\Driver\Cursor
final public removeKeyAltName(MongoDB\BSON\Binary $keyId, string $keyAltName): ?object
final public rewrapManyDataKey(array|object $filter, ?array $options = null): object
}

Predefined Constants

MongoDB\Driver\ClientEncryption::AEAD_AES_256_CBC_HMAC_SHA_512_DETERMINISTIC

Specifies an algorithm for » deterministic encryption, which is suitable for querying.

MongoDB\Driver\ClientEncryption::AEAD_AES_256_CBC_HMAC_SHA_512_RANDOM

Specifies an algorithm for » randomized encryption

MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED

Specifies an algorithm for an indexed, encrypted payload, which can be used with queryable encryption.

To insert or query with an indexed, encrypted payload, the MongoDB\Driver\Manager must be configured with the "autoEncryption" driver option. The "bypassQueryAnalysis" auto encryption option may be true. The "bypassAutoEncryption" auto encryption option must be false.

MongoDB\Driver\ClientEncryption::ALGORITHM_UNINDEXED

Specifies an algorithm for an unindexed, encrypted payload.

MongoDB\Driver\ClientEncryption::QUERY_TYPE_EQUALITY

Specifies an equality query type, which is used in conjunction with MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED.

Note: Queryable Encryption is in public preview and available for evaluation purposes. It is not yet recommended for production deployments as breaking changes may be introduced. See the » Queryable Encryption Preview blog post for more information.

Changelog

Version Description
PECL mongodb 1.14.0 Added MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED, MongoDB\Driver\ClientEncryption::ALGORITHM_UNINDEXED, and MongoDB\Driver\ClientEncryption::QUERY_TYPE_EQUALITY

Table of Contents