(mongodb >=1.7.0)
MongoDB\Driver\Manager::createClientEncryption — Create a new ClientEncryption object
$options
): MongoDB\Driver\ClientEncryptionConstructs a new MongoDB\Driver\ClientEncryption object with the specified options.
options
Option | Type | Description |
---|---|---|
keyVaultClient | MongoDB\Driver\Manager | The Manager used to route data key queries to a separate MongoDB cluster. By default, the current Manager and cluster is used. |
keyVaultNamespace | string | A fully qualified namespace (e.g. "databaseName.collectionName" ) denoting the collection that contains all data keys used for encryption and decryption. |
kmsProviders | array | A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include If an empty document is specified for The format for aws: { accessKeyId: <string>, secretAccessKey: <string>, sessionToken: <optional string> } The format for azure: { tenantId: <string>, clientId: <string>, clientSecret: <string>, identityPlatformEndpoint: <optional string>} The format for gcp: { email: <string>, privateKey: <base64 string>|<MongoDB\BSON\Binary>, endpoint: <optional string>} The format for kmip: { endpoint: <string> } The format for local: { key: <base64 string>|<MongoDB\BSON\Binary> } |
tlsOptions | array | A document containing the TLS configuration for one or more KMS providers. Supported providers include <provider>: { tlsCaFile: <optional string>, tlsCertificateKeyFile: <optional string>, tlsCertificateKeyFilePassword: <optional string>, tlsDisableOCSPEndpointCheck: <optional bool> } |
Returns a new MongoDB\Driver\ClientEncryption instance.
バージョン | 説明 |
---|---|
PECL mongodb 1.16.0 | The AWS KMS provider for client-side encryption now accepts a Added If an empty document is specified for the |
PECL mongodb 1.15.0 | If an empty document is specified for the |
PECL mongodb 1.12.0 | KMIP is now supported as a KMS provider for client-side encryption and may be configured in the Added the |
PECL mongodb 1.10.0 | Azure and GCP are now supported as KMS providers for client-side encryption and may be configured in the "kmsProviders" option. Base64-encoded strings are now accepted as an alternative to MongoDB\BSON\Binary for options within "kmsProviders" . |