MongoDB\Driver\ClientEncryption::rewrapManyDataKey
(mongodb >=1.15.0)
MongoDB\Driver\ClientEncryption::rewrapManyDataKey — Rewraps data keys
Description
MongoDB\Driver\ClientEncryption::rewrapManyDataKey(array|object $filter, ?array $options = null): object
Rewraps (i.e. decrypts and re-encrypts) zero or more data keys in the key vault collection that match the given filter.
If the "provider" option is not specified, matching data keys will be rewrapped with their current KMS provider. Otherwise, matching data keys will be re-encrypted according to the specified "provider" and "masterKey" options.
Parameters
filter (array|object)
The query predicate. An empty predicate will match all documents in the collection.
Note: When evaluating query criteria, MongoDB compares types and values according to its own comparison rules for BSON types, which differs from PHP's comparison and type juggling rules. When matching a special BSON type the query criteria should use the respective BSON class (e.g. use MongoDB\BSON\ObjectId to match an ObjectId).
options
RewrapManyDataKey options

| Option | Type | Description |
|---|---|---|
| provider | string | The KMS provider (e.g. "local", "aws") that will be used to re-encrypt the matched data keys. If a KMS provider is not specified, matched data keys will be re-encrypted with their current KMS provider. |
| masterKey | array | The masterKey identifies a KMS-specific key used to encrypt the new data key. This option should not be specified without the "provider" option. This option is required if "provider" is specified and not "local". The provider-specific masterKey options are listed below. |

"aws" provider options

| Option | Type | Description |
|---|---|---|
| region | string | Required. |
| key | string | Required. The Amazon Resource Name (ARN) to the AWS customer master key (CMK). |
| endpoint | string | Optional. An alternate host identifier to send KMS requests to. May include port number. |

"azure" provider options

| Option | Type | Description |
|---|---|---|
| keyVaultEndpoint | string | Required. Host with optional port (e.g. "example.vault.azure.net"). |
| keyName | string | Required. |
| keyVersion | string | Optional. A specific version of the named key. Defaults to using the key's primary version. |

"gcp" provider options

| Option | Type | Description |
|---|---|---|
| projectId | string | Required. |
| location | string | Required. |
| keyRing | string | Required. |
| keyName | string | Required. |
| keyVersion | string | Optional. A specific version of the named key. Defaults to using the key's primary version. |
| endpoint | string | Optional. Host with optional port. Defaults to "cloudkms.googleapis.com". |

"kmip" provider options

| Option | Type | Description |
|---|---|---|
| keyId | string | Optional. Unique identifier to a 96-byte KMIP secret data managed object. If unspecified, the driver creates a random 96-byte KMIP secret data managed object. |
| endpoint | string | Optional. Host with optional port. |
Return Values
Returns an object, which will have an optional bulkWriteResult property containing the result of the internal bulkWrite operation as an object. If no data keys matched the filter or the write was unacknowledged, the bulkWriteResult property will be null.
Errors/Exceptions
- Throws MongoDB\Driver\Exception\InvalidArgumentException on argument parsing errors.
- Throws MongoDB\Driver\Exception\ConnectionException if connection to the server fails (for reasons other than authentication).
- Throws MongoDB\Driver\Exception\AuthenticationException if authentication is needed and fails.
- Throws MongoDB\Driver\Exception\EncryptionException if an error occurs while decrypting or re-encrypting a data key.
- Throws MongoDB\Driver\Exception\RuntimeException on other errors.
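
The following is an added example, not part of the original manual page: it moves data keys that are still wrapped by a "local" master key to an AWS KMS key, using a narrow filter and handling the null-result and error cases described above. The connection URI, the "encryption.__keyVault" namespace, the environment variable names and the CMK ARN are assumptions or placeholders.

```php
<?php
// Added example. The URI, key vault namespace, environment variable names
// and the CMK ARN below are hypothetical placeholders.
use MongoDB\BSON\Binary;
use MongoDB\Driver\Exception\EncryptionException;
use MongoDB\Driver\Manager;

$manager = new Manager(getenv('MONGODB_URI') ?: 'mongodb://127.0.0.1:27017');

// Both providers are configured: "local" to decrypt the existing key
// material, "aws" to re-encrypt it.
$localKey = new Binary(base64_decode(getenv('LOCAL_MASTER_KEY_B64')), Binary::TYPE_GENERIC);
$clientEncryption = $manager->createClientEncryption([
    'keyVaultNamespace' => 'encryption.__keyVault',
    'kmsProviders' => [
        'local' => ['key' => $localKey],
        'aws' => [
            'accessKeyId' => getenv('AWS_ACCESS_KEY_ID'),
            'secretAccessKey' => getenv('AWS_SECRET_ACCESS_KEY'),
        ],
    ],
]);

// Match only data keys still wrapped by the local master key. An empty
// filter would rewrap every data key in the key vault collection.
$filter = ['masterKey.provider' => 'local'];

// "masterKey" is required because "provider" is specified and is not "local".
$options = [
    'provider' => 'aws',
    'masterKey' => [
        'region' => 'us-east-1',
        'key' => 'arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID',
    ],
];

try {
    $result = $clientEncryption->rewrapManyDataKey($filter, $options);
} catch (EncryptionException $e) {
    // Raised when decrypting or re-encrypting a data key fails.
    fwrite(STDERR, 'Rewrap failed: ' . $e->getMessage() . PHP_EOL);
    exit(1);
}

if (($result->bulkWriteResult ?? null) === null) {
    echo "No data keys matched the filter, or the write was unacknowledged.\n";
} else {
    var_dump($result->bulkWriteResult); // result of the internal bulkWrite
}
```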