The MongoDB\Driver\ClientEncryption class

    (mongodb >=1.7.0)

    Introduction

    The MongoDB\Driver\ClientEncryption class handles creation of data keys for client-side encryption, as well as manually encrypting and decrypting values.

    Class synopsis

    finalclassMongoDB\Driver\ClientEncryption {
    conststringAEAD_AES_256_CBC_HMAC_SHA_512_DETERMINISTIC = AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic;
    conststringAEAD_AES_256_CBC_HMAC_SHA_512_RANDOM = AEAD_AES_256_CBC_HMAC_SHA_512-Random;
    conststringALGORITHM_INDEXED = Indexed;
    conststringALGORITHM_UNINDEXED = Unindexed;
    conststringALGORITHM_RANGE_PREVIEW = RangePreview;
    conststringQUERY_TYPE_EQUALITY = equality;
    conststringQUERY_TYPE_RANGE_PREVIEW = rangePreview;
    finalpublicaddKeyAltName(MongoDB\BSON\Binary$keyId, string$keyAltName): ?object
    finalpublic__construct(array$options)
    finalpubliccreateDataKey(string$kmsProvider, ?array$options = null): MongoDB\BSON\Binary
    finalpublicdecrypt(MongoDB\BSON\Binary$value): mixed
    finalpublicdeleteKey(MongoDB\BSON\Binary$keyId): object
    finalpublicencrypt(mixed$value, ?array$options = null): MongoDB\BSON\Binary
    finalpublicencryptExpression(array|object$expr, ?array$options = null): object
    finalpublicgetKey(MongoDB\BSON\Binary$keyId): ?object
    finalpublicgetKeyByAltName(string$keyAltName): ?object
    finalpublicgetKeys(): MongoDB\Driver\Cursor
    finalpublicremoveKeyAltName(MongoDB\BSON\Binary$keyId, string$keyAltName): ?object
    finalpublicrewrapManyDataKey(array|object$filter, ?array$options = null): object
    }

    Predefined Constants

    MongoDB\Driver\ClientEncryption::AEAD_AES_256_CBC_HMAC_SHA_512_DETERMINISTIC

    Specifies an algorithm for » deterministic encryption, which is suitable for querying.

    MongoDB\Driver\ClientEncryption::AEAD_AES_256_CBC_HMAC_SHA_512_RANDOM

    Specifies an algorithm for » randomized encryption

    MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED

    Specifies an algorithm for an indexed, encrypted payload, which can be used with queryable encryption.

    To insert or query with an indexed, encrypted payload, the MongoDB\Driver\Manager must be configured with the "autoEncryption" driver option. The "bypassQueryAnalysis" auto encryption option may be true. The "bypassAutoEncryption" auto encryption option must be false.

    MongoDB\Driver\ClientEncryption::ALGORITHM_UNINDEXED

    Specifies an algorithm for an unindexed, encrypted payload.

    MongoDB\Driver\ClientEncryption::ALGORITHM_RANGE_PREVIEW

    Specifies an algorithm for a range, encrypted payload, which can be used with queryable encryption.

    To query with a range encrypted payload, the MongoDB\Driver\Manager must be configured with the "autoEncryption" driver option. The "bypassQueryAnalysis" auto encryption option may be true. The "bypassAutoEncryption" auto encryption option must be false.

    Note:

    The range algorithm is experimental only. It is not intended for public use.

    The PHP driver does not yet support range queries for decimal128 BSON field types.

    MongoDB\Driver\ClientEncryption::QUERY_TYPE_EQUALITY

    Specifies an equality query type, which is used in conjunction with MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED.

    MongoDB\Driver\ClientEncryption::QUERY_TYPE_RANGE_PREVIEW

    Specifies a range query type, which is used in conjunction with MongoDB\Driver\ClientEncryption::ALGORITHM_RANGE_PREVIEW.

    Changelog

    VersionDescription
    PECL mongodb 1.16.0 Added MongoDB\Driver\ClientEncryption::ALGORITHM_RANGE_PREVIEW and MongoDB\Driver\ClientEncryption::QUERY_TYPE_RANGE_PREVIEW.
    PECL mongodb 1.14.0 Added MongoDB\Driver\ClientEncryption::ALGORITHM_INDEXED, MongoDB\Driver\ClientEncryption::ALGORITHM_UNINDEXED, and MongoDB\Driver\ClientEncryption::QUERY_TYPE_EQUALITY

    Table of Contents

    To Top