MongoDB\Driver\ClientEncryption::__construct
(mongodb >=1.14.0)
MongoDB\Driver\ClientEncryption::__construct — Create a new ClientEncryption object
説明
Constructs a new MongoDB\Driver\ClientEncryption object with the specified options.
パラメータ
options
-
options Option Type Description keyVaultClient MongoDB\Driver\Manager The Manager used to route data key queries. This option is required (unlike with MongoDB\Driver\Manager::createClientEncryption()). keyVaultNamespace string A fully qualified namespace (e.g. "databaseName.collectionName"
) denoting the collection that contains all data keys used for encryption and decryption.kmsProviders array A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include
"aws"
,"azure"
,"gcp"
,"kmip"
, and"local"
and at least one must be specified.If an empty document is specified for
"aws"
,"azure"
, or"gcp"
, the driver will attempt to configure the provider using » Automatic Credentials.The format for
"aws"
is as follows:aws: { accessKeyId: <string>, secretAccessKey: <string>, sessionToken: <optional string> }
The format for
"azure"
is as follows:azure: { tenantId: <string>, clientId: <string>, clientSecret: <string>, identityPlatformEndpoint: <optional string> // Defaults to "login.microsoftonline.com" }
The format for
"gcp"
is as follows:gcp: { email: <string>, privateKey: <base64 string>|<MongoDB\BSON\Binary>, endpoint: <optional string> // Defaults to "oauth2.googleapis.com" }
The format for
"kmip"
is as follows:kmip: { endpoint: <string> }
The format for
"local"
is as follows:local: { // 96-byte master key used to encrypt/decrypt data keys key: <base64 string>|<MongoDB\BSON\Binary> }
tlsOptions array A document containing the TLS configuration for one or more KMS providers. Supported providers include
"aws"
,"azure"
,"gcp"
, and"kmip"
. All providers support the following options:<provider>: { tlsCaFile: <optional string>, tlsCertificateKeyFile: <optional string>, tlsCertificateKeyFilePassword: <optional string>, tlsDisableOCSPEndpointCheck: <optional bool> }
エラー / 例外
- Throws MongoDB\Driver\Exception\InvalidArgumentException on argument parsing errors.
- Throws MongoDB\Driver\Exception\RuntimeException if the extension was compiled without libmongocrypt support
変更履歴
バージョン | 説明 |
---|---|
PECL mongodb 1.16.0 |
The AWS KMS provider for client-side encryption now accepts a
Added
If an empty document is specified for the |
PECL mongodb 1.15.0 |
If an empty document is specified for the |
参考
- MongoDB\Driver\Manager::createClientEncryption() - Create a new ClientEncryption object
- » Explicit (Manual) Client-Side Field Level Encryption in the MongoDB manual