MongoDB\Driver\ClientEncryption::createDataKey

(mongodb >=1.7.0)

MongoDB\Driver\ClientEncryption::createDataKeyCreate a new encryption data key

Description

final public MongoDB\Driver\ClientEncryption::createDataKey(string $kmsProvider, array $options = ?): MongoDB\BSON\Binary

Creates a new key document and inserts it into the key vault collection.

Parameters

kmsProvider

The KMS provider (e.g. "local", "aws", "azure", "gcp") that will be used to encrypt the new encryption key.

options

Data key options
Option Type Description
masterKey array

The masterKey identifies a KMS-specific key used to encrypt the new data key. This option is required unless kmsProvider is "local".

If kmsProvider is "aws", this option is required and has the following fields:

AWS masterKey options
Option Type Description
region string Required.
key string Required. The Amazon Resource Name (ARN) to the AWS customer master key (CMK).
endpoint string Optional. An alternate host identifier to send KMS requests to. May include port number.

If kmsProvider is "azure", this option is required and has the following fields:

Azure masterKey options
Option Type Description
keyVaultEndpoint string Required. Host with optional port (e.g. "example.vault.azure.net").
keyName string Required.
keyVersion string Optional. A specific version of the named key. Defaults to using the key's primary version.

If kmsProvider is "gcp", this option is required and has the following fields:

GCP masterKey options
Option Type Description
projectId string Required.
location string Required.
keyRing string Required.
keyName string Required.
keyVersion string Optional. A specific version of the named key. Defaults to using the key's primary version.
endpoint string Optional. Host with optional port. Defaults to "cloudkms.googleapis.com".

keyAltNames array

An optional list of string alternate names used to reference a key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.

Return Values

Returns the identifier of the new key as a MongoDB\BSON\Binary object with subtype 4 (UUID).

Errors/Exceptions

Changelog

Version Description
PECL mongodb 1.10.0 Azure and GCP are now supported as KMS providers for client-side encryption.

Here you can write a comment


Please enter at least 10 characters.
Loading... Please wait.
* Pflichtangabe
There are no comments available yet.

PHP cURL Tutorial: Using cURL to Make HTTP Requests

cURL is a powerful PHP extension that allows you to communicate with different servers using various protocols, including HTTP, HTTPS, FTP, and more. ...

TheMax

Autor : TheMax
Category: PHP-Tutorials

Midjourney Tutorial - Instructions for beginners

There is an informative video about Midjourney, the tool for creating digital images using artificial intelligence, entitled "Midjourney tutorial in German - instructions for beginners" ...

Mike94

Autor : Mike94
Category: KI Tutorials

Basics of views in MySQL

Views in a MySQL database offer the option of creating a virtual table based on the result of an SQL query. This virtual table can be queried like a normal table without changing the underlying data. ...

admin

Autor : admin
Category: mySQL-Tutorials

Publish a tutorial

Share your knowledge with other developers worldwide

Share your knowledge with other developers worldwide

You are a professional in your field and want to share your knowledge, then sign up now and share it with our PHP community

learn more

Publish a tutorial