-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
Copy pathjs-client-side-field-level-encryption.txt
89 lines (66 loc) · 3.41 KB
/
js-client-side-field-level-encryption.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
==========================================
Client-Side Field Level Encryption Methods
==========================================
.. default-domain:: mongodb
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:class: singlecol
.. include:: /includes/extracts/methods-toc-explanation.rst
.. include:: /includes/extracts/csfle-requires-enabling-encryption.rst
The following methods are for :binary:`~bin.mongosh`
*only*. For instructions on implementing client-side field level
encryption using a MongoDB driver, defer to the driver documentation. See
:ref:`csfle-driver-compatibility` for a complete list of drivers with support
for client-side field level encryption.
.. list-table::
:widths: 30,70
:header-rows: 1
* - Name
- Description
* - :method:`getKeyVault()`
- Returns the key vault object for the current MongoDB connection.
* - :method:`KeyVault.createKey()`
- Creates a data encryption key for use with client-side field level encryption.
* - :method:`KeyVault.deleteKey()`
- Deletes the specified data encryption key from the key vault.
* - :method:`KeyVault.getKey()`
- Retreives the specified data encryption key from the key vault.
* - :method:`KeyVault.getKeys()`
- Retrieves all keys in the key vault.
* - :method:`KeyVault.addKeyAlternateName()`
- Associates a key alternative name to the specified data encryption key.
* - :method:`KeyVault.removeKeyAlternateName()`
- Removes a key alternative name from the specified data encryption key.
* - :method:`KeyVault.rewrapManyDataKey()`
- Decrypts multiple data keys and re-encrypts them with a new master key.
* - :method:`KeyVault.getKeyByAltName()`
- Retrieves keys with the specified key alternative name.
* - :method:`getClientEncryption()`
- Returns the client encryption object for supporting explicit encryption/decryption of fields.
* - :method:`ClientEncryption.createEncryptedCollection()`
- Creates a collection with encrypted fields.
* - :method:`ClientEncryption.encrypt()`
- Encrypts a field using a specified data encryption key and encryption algorithm.
* - :method:`ClientEncryption.decrypt()`
- Decrypts a field using the associated data encryption key and encryption algorithm.
.. toctree::
:titlesonly:
:hidden:
ClientEncryption.createEncryptedCollection </reference/method/ClientEncryption.createEncryptedCollection>
ClientEncryption.encrypt </reference/method/ClientEncryption.encrypt>
ClientEncryption.decrypt </reference/method/ClientEncryption.decrypt>
getClientEncryption </reference/method/getClientEncryption>
getKeyVault </reference/method/getKeyVault>
KeyVault.addKeyName </reference/method/KeyVault.addKeyName>
KeyVault.addKeyAlternateName </reference/method/KeyVault.addKeyAlternateName>
KeyVault.createDataKey </reference/method/KeyVault.createDataKey>
KeyVault.createKey </reference/method/KeyVault.createKey>
KeyVault.deleteKey </reference/method/KeyVault.deleteKey>
KeyVault.getKey </reference/method/KeyVault.getKey>
KeyVault.getKeys </reference/method/KeyVault.getKeys>
KeyVault.getKeyByAltName </reference/method/KeyVault.getKeyByAltName>
KeyVault.removeKeyAlternateName </reference/method/KeyVault.removeKeyAlternateName>
KeyVault.removeKeyAltName </reference/method/KeyVault.removeKeyAltName>
KeyVault.rewrapManyDataKey </reference/method/KeyVault.rewrapManyDataKey>