Client-Side Field Level Encryption Methods
Note
For details on specific methods, including syntax and examples,click on the specific method to go to its reference page.
The mongo
client-side field level encrytion methodsrequire a database connection with client-side field level encryptionenabled. If the current database connection was not initiated withclient-side field level encryption enabled, either:
- Use the
Mongo()
constructor from themongo
shell to establish a connection with the required client-side fieldlevel encryption options. TheMongo()
method supports bothAmazon Web Services and Local Key Management Service (KMS) providersfor Customer Master Key (CMK) management.
or
- Use the
mongo
shell command line options to establish aconnection with the required options. The command line options onlysupport the AWS KMS provider for CMK management.
Name | Description |
---|---|
getKeyVault() | Returns the key vault object for the current MongoDB connection. |
KeyVault.createKey() | Creates a data key for use with client-side field level encryption. |
KeyVault.deleteKey() | Deletes the specified data key from the key vault. |
KeyVault.getKey() | Retreives the specified data key from the key vault. |
KeyVault.getKeys() | Retrieves all keys in the key vault. |
KeyVault.addKeyAlternateName() | Associates a key alternative name to the specified data key. |
KeyVault.removeKeyAlternateName() | Removes a key alternative name from the specified data key. |
KeyVault.getKeyByAltName() | Retrieves keys with the specified key alternative name. |
getClientEncryption() | Returns the client encryption object for supporting explicit encryption/decryption of fields. |
ClientEncryption.encrypt() | Encrypts a field using a specified data key and encryption algorithm. |
ClientEncryption.decrypt() | Decrypts a field using the associated data key and encryption algorithm. |