-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
Copy pathgetKeyVault.txt
90 lines (58 loc) · 2.17 KB
/
getKeyVault.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
=============
getKeyVault()
=============
.. default-domain:: mongodb
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:class: singlecol
.. method:: getKeyVault()
Returns the ``KeyVault`` object for the current database connection.
The ``KeyVault`` object supports data encryption key management for
:ref:`{+csfle+} <manual-csfle-feature>`.
:returns:
The ``KeyVault`` object for current database connection.
Compatibility
-------------
This command is available in deployments hosted in the following
environments:
.. include:: /includes/fact-environments-atlas-only.rst
.. include:: /includes/fact-environments-onprem-only.rst
Syntax
------
:method:`getKeyVault()` has the following syntax:
.. code-block:: javascript
keyVault = db.getMongo().getKeyVault();
Use the ``KeyVault`` object to access the following data encryption key
management methods:
- :method:`~KeyVault.getKey`
- :method:`~KeyVault.getKeys`
- :method:`~KeyVault.getKeyByAltName`
- :method:`~KeyVault.createKey`
- :method:`~KeyVault.addKeyAlternateName`
- :method:`~KeyVault.removeKeyAlternateName`
- :method:`~KeyVault.deleteKey`
Behavior
--------
Requires Configuring Client-Side Field Level Encryption on Database Connection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following example uses a :ref:`locally managed key
<qe-fundamentals-kms-providers-local>` for the client-side field level
encryption configuration.
.. include:: /includes/extracts/csfle-requires-enabling-encryption.rst
Unique Partial Index on Key Vault
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. include:: /includes/extracts/csfle-keyvault-unique-index.rst
Example
-------
The following example uses a :ref:`locally managed key
<qe-fundamentals-kms-providers-local>` for the client-side field level
encryption configuration.
.. include:: /includes/csfle-connection-boilerplate-example.rst
Use the :method:`getKeyVault()` method to retrieve the
key vault object:
.. code-block:: javascript
keyVault = encryptedClient.getKeyVault()
For complete documentation on initiating MongoDB connections with
client-side field level encryption enabled, see :method:`Mongo()`.