MongoDB\Driver\ClientEncryption::__construct

(mongodb >=1.14.0)

MongoDB\Driver\ClientEncryption::__construct — Create a new ClientEncryption object

Descripción

finalpublicMongoDB\Driver\ClientEncryption::__construct(array$options)

Constructs a new MongoDB\Driver\ClientEncryption object with the specified options.

Parámetros

options

**options**
Option	Type	Description
keyVaultClient	MongoDB\Driver\Manager	The Manager used to route data key queries. This option is required (unlike with MongoDB\Driver\Manager::createClientEncryption()).
keyVaultNamespace	string	A fully qualified namespace (e.g. `"databaseName.collectionName"`) denoting the collection that contains all data keys used for encryption and decryption. This option is required.
kmsProviders	array	A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include `"aws"`, `"azure"`, `"gcp"`, `"kmip"`, and `"local"` and at least one must be specified. If an empty document is specified for `"aws"`, `"azure"`, or `"gcp"`, the driver will attempt to configure the provider using » Automatic Credentials. The format for `"aws"` is as follows: aws: { accessKeyId: <string>, secretAccessKey: <string>, sessionToken: <optional string> } The format for `"azure"` is as follows: azure: { tenantId: <string>, clientId: <string>, clientSecret: <string>, identityPlatformEndpoint: <optional string>} The format for `"gcp"` is as follows: gcp: { email: <string>, privateKey: <base64 string>\|<MongoDB\BSON\Binary>, endpoint: <optional string>} The format for `"kmip"` is as follows: kmip: { endpoint: <string> } The format for `"local"` is as follows: local: { key: <base64 string>\|<MongoDB\BSON\Binary> }
tlsOptions	array	A document containing the TLS configuration for one or more KMS providers. Supported providers include `"aws"`, `"azure"`, `"gcp"`, and `"kmip"`. All providers support the following options: <provider>: { tlsCaFile: <optional string>, tlsCertificateKeyFile: <optional string>, tlsCertificateKeyFilePassword: <optional string>, tlsDisableOCSPEndpointCheck: <optional bool> }

Errores/Excepciones

Lanza una MongoDB\Driver\Exception\InvalidArgumentException en errores de análisis de argumentos.
Throws MongoDB\Driver\Exception\RuntimeException if the extension was compiled without libmongocrypt support

Historial de cambios

Versión Descripción

PECL mongodb 1.16.0

Versión	Descripción
PECL mongodb 1.16.0	The AWS KMS provider for client-side encryption now accepts a `"sessionToken"` option, which can be used to authenticate with temporary AWS credentials. Added `"tlsDisableOCSPEndpointCheck"` to the `"tlsOptions"` option. If an empty document is specified for the `"azure"` or `"gcp"` KMS provider, the driver will attempt to configure the provider using » Automatic Credentials.
PECL mongodb 1.15.0	If an empty document is specified for the `"aws"` KMS provider, the driver will attempt to configure the provider using » Automatic Credentials.

The AWS KMS provider for client-side encryption now accepts a "sessionToken" option, which can be used to authenticate with temporary AWS credentials.

Added "tlsDisableOCSPEndpointCheck" to the "tlsOptions" option.

If an empty document is specified for the "azure" or "gcp" KMS provider, the driver will attempt to configure the provider using » Automatic Credentials.

PECL mongodb 1.15.0

If an empty document is specified for the "aws" KMS provider, the driver will attempt to configure the provider using » Automatic Credentials.

Ver también

MongoDB\Driver\Manager::createClientEncryption() - Create a new ClientEncryption object
» Explicit (Manual) Client-Side Field Level Encryption in the MongoDB manual