-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
Copy pathKeyVault.removeKeyAlternateName.txt
101 lines (70 loc) · 2.9 KB
/
KeyVault.removeKeyAlternateName.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
.. _keyvault-removekeyalternatename-method:
=================================
KeyVault.removeKeyAlternateName()
=================================
.. default-domain:: mongodb
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:class: singlecol
.. method:: KeyVault.removeKeyAlternateName(UUID, keyAltName)
Removes the specified ``keyAltName`` from the data encryption key
with the specified ``UUID``. The data encryption key must exist in
the key vault associated to the database connection.
:returns:
The data encryption key *prior* to updating the ``keyAltName``.
Returns ``null`` if no data encryption key has the specified
``UUID()``.
Compatibility
-------------
This command is available in deployments hosted in the following
environments:
.. include:: /includes/fact-environments-atlas-only.rst
.. include:: /includes/fact-environments-onprem-only.rst
Syntax
------
:method:`~KeyVault.removeKeyAlternateName()` has the following syntax:
.. code-block:: none
keyVault = db.getMongo().getKeyVault()
keyVault.removeKeyAlternateName(
UUID("<UUID string>"),
"keyAltName"
)
Behavior
--------
Requires Configuring Client-Side Field Level Encryption on Database Connection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. include:: /includes/extracts/csfle-requires-enabling-encryption.rst
Example
-------
The following example is intended for rapid evaluation of
client-side field level encryption. For specific examples of using
:method:`KeyVault.removeKeyAlternateName()` with each supported
:abbr:`KMS (Key Management Service)` provider, see
:ref:`field-level-encryption-data-key-manage`.
.. include:: /includes/csfle-connection-boilerplate-example.rst
Retrieve the :method:`keyVault <getKeyVault()>` object and use the
:method:`KeyVault.removeKeyAlternateName()` method to remove the
specified key alternate name from the data encryption key with matching
``UUID``:
.. code-block:: javascript
keyVault = encryptedClient.getKeyVault()
keyVault.removeKeyAlternateName(UUID("b4b41b33-5c97-412e-a02b-743498346079"),"Other-Data-Encryption-Key")
If successful, :method:`~KeyVault.removeKeyAlternateName()` returns the
data encryption key *prior* to updating the ``keyAltName``.
.. code-block:: json
{
"_id" : UUID("b4b41b33-5c97-412e-a02b-743498346079"),
"keyMaterial" : BinData(0,"PXRsLOAYxhzTS/mFQAI8486da7BwZgqA91UI7NKz/T/AjB0uJZxTvhvmQQsKbCJYsWVS/cp5Rqy/FUX2zZwxJOJmI3rosPhzV0OI5y1cuXhAlLWlj03CnTcOSRzE/YIrsCjMB0/NyiZ7MRWUYzLAEQnE30d947XCiiHIb8a0kt2SD0so8vZvSuP2n0Vtz4NYqnzF0CkhZSWFa2e2yA=="),
"creationDate" : ISODate("2019-08-12T21:21:30.569Z"),
"updateDate" : ISODate("2019-08-12T21:21:30.569Z"),
"status" : 0,
"version" : NumberLong(0),
"masterKey" : {
"provider" : "local"
},
"keyAltNames" : [
"ssn-encryption-key"
]
}