MongoDB\Driver\Manager::createClientEncryption

(mongodb >=1.7.0)

MongoDB\Driver\Manager::createClientEncryptionCreate a new ClientEncryption object

Description

final public MongoDB\Driver\Manager::createClientEncryption(array $options): MongoDB\Driver\ClientEncryption

Constructs a new MongoDB\Driver\ClientEncryption object with the specified options.

Parameters

options

options
Option Type Description
keyVaultClient MongoDB\Driver\Manager The Manager used to route data key queries to a separate MongoDB cluster. By default, the current Manager and cluster is used.
keyVaultNamespace string A fully qualified namespace (e.g. "databaseName.collectionName") denoting the collection that contains all data keys used for encryption and decryption.
kmsProviders array

A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include "aws", "azure", "gcp", "kmip", and "local" and at least one must be specified.

The format for "aws" is as follows: 

aws: {
    accessKeyId: <string>,
    secretAccessKey: <string>
}

The format for "azure" is as follows: 

azure: {
    tenantId: <string>,
    clientId: <string>,
    clientSecret: <string>,
    identityPlatformEndpoint: <optional string> // Defaults to "login.microsoftonline.com"
}

The format for "gcp" is as follows: 

gcp: {
    email: <string>,
    privateKey: <base64 string>|<MongoDB\BSON\Binary>,
    endpoint: <optional string> // Defaults to "oauth2.googleapis.com"
}

The format for "kmip" is as follows: 

kmip: {
    endpoint: <string>
}

The format for "local" is as follows: 

local: {
    // 96-byte master key used to encrypt/decrypt data keys
    key: <base64 string>|<MongoDB\BSON\Binary>
}
tlsOptions array

A document containing the TLS configuration for one or more KMS providers. Supported providers include "aws", "azure", "gcp", and "kmip". All providers support the following options: 

<provider>: {
    tlsCaFile: <optional string>,
    tlsCertificateKeyFile: <optional string>,
    tlsCertificateKeyFilePassword: <optional string>
}

Return Values

Returns a new MongoDB\Driver\ClientEncryption instance.

Errors/Exceptions

Changelog

Version Description
PECL mongodb 1.12.0

KMIP is now supported as a KMS provider for client-side encryption and may be configured in the "kmsProviders" option.

Added the "tlsOptions" option.

PECL mongodb 1.10.0 Azure and GCP are now supported as KMS providers for client-side encryption and may be configured in the "kmsProviders" option. Base64-encoded strings are now accepted as an alternative to MongoDB\BSON\Binary for options within "kmsProviders".

See Also

Here you can write a comment


Please enter at least 10 characters.
Loading... Please wait.
* Pflichtangabe
There are no comments available yet.
PHP

PHP cURL Tutorial: Using cURL to Make HTTP Requests

cURL is a powerful PHP extension that allows you to communicate with different servers using various protocols, including HTTP, HTTPS, FTP, and more. ...

TheMax

Autor : TheMax
Category: PHP-Tutorials

Midjourney Tutorial - Instructions for beginners

Midjourney Tutorial - Instructions for beginners

There is an informative video about Midjourney, the tool for creating digital images using artificial intelligence, entitled "Midjourney tutorial in German - instructions for beginners" ...

Mike94

Autor : Mike94
Category: KI Tutorials

Basics of views in MySQL

Basics of views in MySQL

Views in a MySQL database offer the option of creating a virtual table based on the result of an SQL query. This virtual table can be queried like a normal table without changing the underlying data. ...

admin

Autor : admin
Category: mySQL-Tutorials

Publish a tutorial

Share your knowledge with other developers worldwide

Share your knowledge with other developers worldwide

You are a professional in your field and want to share your knowledge, then sign up now and share it with our PHP community

learn more

Publish a tutorial