-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
Copy pathKeyVault.getKey.txt
95 lines (63 loc) · 2.43 KB
/
KeyVault.getKey.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
.. _keyvault-getkey-method:
=================
KeyVault.getKey()
=================
.. default-domain:: mongodb
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:class: singlecol
.. method:: KeyVault.getKey(UUID)
Gets a data encryption key with the specified ``UUID``. The data
encryption key must exist in the key vault associated to the database
connection.
:returns:
Document representing a matching data encryption key.
Compatibility
-------------
This command is available in deployments hosted in the following
environments:
.. include:: /includes/fact-environments-atlas-only.rst
.. include:: /includes/fact-environments-onprem-only.rst
Syntax
------
:method:`~KeyVault.getKey()` has the following syntax:
.. code-block:: none
keyVault = db.getMongo().getKeyVault()
keyVault.getKey(UUID("<UUID String>"))
The :abbr:`UUID (Universally unique identifier)` is a BSON
:bsontype:`binary data <Binary>` object with subtype ``4``.
Behavior
--------
Requires Configuring Client-Side Field Level Encryption on Database Connection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. include:: /includes/extracts/csfle-requires-enabling-encryption.rst
Example
-------
The following example uses a :ref:`locally managed KMS
<qe-fundamentals-kms-providers-local>` for the client-side field level
encryption configuration.
.. include:: /includes/csfle-connection-boilerplate-example.rst
Retrieve the :method:`keyVault <getKeyVault()>` object and
use the :method:`KeyVault.getKey()` to retrieve
a data encryption key using its ``UUID``:
.. code-block:: javascript
keyVault = encryptedClient.getKeyVault()
keyVault.getKey(UUID("b4b41b33-5c97-412e-a02b-743498346079"))
:method:`~KeyVault.getKey()` returns the data encryption key, with
output similar to the following:
.. code-block:: json
{
"_id" : UUID("b4b41b33-5c97-412e-a02b-743498346079"),
"keyMaterial" : BinData(0,"E+0jZKzA4YuE1lGmSVIy2mivqH4JxFo0yFATdxYX/s0YtMFsgVXyu7Bbn4IQ2gn7F/9JAPJFOxdQc5lN3AR+oX33ewVZsd63f3DN1zzcukqdR2Y+EeO7ekRxyRjdzMaNNrBNIv9Gn5LEJgWPSYkG8VczF7cNZnc1YmnR0tuDPNYfm0J7dCZuZUNWW3FCGRcdFx6AlXiCtXKNR97hJ216pQ=="),
"creationDate" : ISODate("2021-03-16T18:22:43.733Z"),
"updateDate" : ISODate("2021-03-16T18:22:43.733Z"),
"status" : 0, "version" : NumberLong(0),
"masterKey" : {
"provider" : "local"
},
"keyAltNames" : [
"alpha"
]
}