(mongodb >=1.14.0)
MongoDB\Driver\ClientEncryption::__construct — Create a new ClientEncryption object
$options
)Constructs a new MongoDB\Driver\ClientEncryption object with the specified options.
options
Option | Type | Description |
---|---|---|
keyVaultClient | MongoDB\Driver\Manager | The Manager used to route data key queries. This option is required (unlike with MongoDB\Driver\Manager::createClientEncryption()). |
keyVaultNamespace | string | A fully qualified namespace (e.g. "databaseName.collectionName" ) denoting the collection that contains all data keys used for encryption and decryption. This option is required. |
kmsProviders | array |
A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include
The format for aws: { accessKeyId: <string>, secretAccessKey: <string>, sessionToken: <optional string> }
The format for azure: { tenantId: <string>, clientId: <string>, clientSecret: <string>, identityPlatformEndpoint: <optional string> // Defaults to "login.microsoftonline.com" }
The format for gcp: { email: <string>, privateKey: <base64 string>|<MongoDB\BSON\Binary>, endpoint: <optional string> // Defaults to "oauth2.googleapis.com" }
The format for kmip: { endpoint: <string> }
The format for local: { // 96-byte master key used to encrypt/decrypt data keys key: <base64 string>|<MongoDB\BSON\Binary> } |
tlsOptions | array |
A document containing the TLS configuration for one or more KMS providers. Supported providers include <provider>: { tlsCaFile: <optional string>, tlsCertificateKeyFile: <optional string>, tlsCertificateKeyFilePassword: <optional string>, tlsDisableOCSPEndpointCheck: <optional bool> } |
Version | Description |
---|---|
PECL mongodb 1.16.0 |
The AWS KMS provider for client-side encryption now accepts a
The |