(mongodb >=1.15.0)
MongoDB\Driver\ClientEncryption::rewrapManyDataKey — Rewraps data keys
$filter
, ?array$options
= null
): object Rewraps (i.e. decrypts and re-encrypts) zero or more data keys in the key vault collection that match the given filter
.
If the "provider"
option is not specified, matching data keys will be rewrapped with their current KMS provider. Otherwise, matching data keys will be re-encrypted according to the specified "provider"
and "masterKey"
options.
filter
(array|object)The » query predicate. An empty predicate will match all documents in the collection.
Note: When evaluating query criteria, MongoDB compares types and values according to its own » comparison rules for BSON types, which differs from PHP's comparison and type juggling rules. When matching a special BSON type the query criteria should use the respective BSON class (e.g. use MongoDB\BSON\ObjectId to match an » ObjectId).
options
Option | Type | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
provider | string | The KMS provider (e.g. If a KMS provider is not specified, matched data keys will be re-encrypted with their current KMS provider. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
masterKey | array | The masterKey identifies a KMS-specific key used to encrypt the new data key. This option should not be specified without the
|
Returns an object, which will have an optional bulkWriteResult
property containing the result of the internal bulkWrite
operation as an object. If no data keys matched the filter or the write was unacknowledged, the bulkWriteResult
property will be null
.