(mongodb >=1.14.0)
MongoDB\Driver\ClientEncryption::__construct — Create a new ClientEncryption object
$options)Constructs a new MongoDB\Driver\ClientEncryption object with the specified options.
options
| Option | Type | Description |
|---|---|---|
| keyVaultClient | MongoDB\Driver\Manager | The Manager used to route data key queries. This option is required (unlike with MongoDB\Driver\Manager::createClientEncryption()). |
| keyVaultNamespace | string | A fully qualified namespace (e.g. "databaseName.collectionName") denoting the collection that contains all data keys used for encryption and decryption. This option is required. |
| kmsProviders | array |
A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include
The format for aws: {
accessKeyId: <string>,
secretAccessKey: <string>,
sessionToken: <optional string>
}
The format for azure: {
tenantId: <string>,
clientId: <string>,
clientSecret: <string>,
identityPlatformEndpoint: <optional string> // Defaults to "login.microsoftonline.com"
}
The format for gcp: {
email: <string>,
privateKey: <base64 string>|<MongoDB\BSON\Binary>,
endpoint: <optional string> // Defaults to "oauth2.googleapis.com"
}
The format for kmip: {
endpoint: <string>
}
The format for local: {
// 96-byte master key used to encrypt/decrypt data keys
key: <base64 string>|<MongoDB\BSON\Binary>
}
|
| tlsOptions | array |
A document containing the TLS configuration for one or more KMS providers. Supported providers include <provider>: {
tlsCaFile: <optional string>,
tlsCertificateKeyFile: <optional string>,
tlsCertificateKeyFilePassword: <optional string>,
tlsDisableOCSPEndpointCheck: <optional bool>
}
|
| Version | Description |
|---|---|
| PECL mongodb 1.16.0 |
The AWS KMS provider for client-side encryption now accepts a
The |