MongoDB C++ Driver mongocxx-4.0.0
mongocxx::v_noabi::options::data_key Class Reference

#include <mongocxx/v_noabi/mongocxx/options/data_key.hpp>

Description

Class representing options for data key generation for encryption.

Public Types

using key_material_type = std::vector<uint8_t>
 Represents binary data used to represent key material.
 

Public Member Functions

const std::vector< std::string > & key_alt_names () const
 Gets the alternate names for the data key.
 
data_key & key_alt_names (std::vector< std::string > key_alt_names)
 Sets an optional list of string alternate names used to reference the key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.
 
const bsoncxx::v_noabi::stdx::optional< key_material_type > & key_material ()
 Gets the keyMaterial as binary data.
 
data_key & key_material (key_material_type key_material)
 Sets the binary data for the key material.
 
const bsoncxx::v_noabi::stdx::optional< bsoncxx::v_noabi::document::view_or_value > & master_key () const
 Gets the master key.
 
data_key & master_key (bsoncxx::v_noabi::document::view_or_value master_key)
 Sets a KMS-specific key used to encrypt the new data key.
 

Member Typedef Documentation

◆ key_material_type

Represents binary data used to represent key material.

Member Function Documentation

◆ key_alt_names() [1/2]

const std::vector< std::string > & mongocxx::v_noabi::options::data_key::key_alt_names ( ) const

Gets the alternate names for the data key.

Returns
The alternate names for the data key.

◆ key_alt_names() [2/2]

data_key & mongocxx::v_noabi::options::data_key::key_alt_names ( std::vector< std::string > key_alt_names)

Sets an optional list of string alternate names used to reference the key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.

Parameters
key_alt_names: The alternate names for the key.
Returns
A reference to this object.

◆ key_material() [1/2]

const bsoncxx::v_noabi::stdx::optional< key_material_type > & mongocxx::v_noabi::options::data_key::key_material ( )

Gets the keyMaterial as binary data.

Returns
The binary data for the key material.

◆ key_material() [2/2]

data_key & mongocxx::v_noabi::options::data_key::key_material ( key_material_type key_material)

Sets the binary data for the key material.

An optional BinData of 96 bytes to use as custom key material for the data key being created. If keyMaterial is given, the custom key material is used for encrypting and decrypting data.

Otherwise, the key material for the new data key is generated from a cryptographically secure random device.

Parameters
key_material: The binary data for the keyMaterial.
Returns
A reference to this object.

◆ master_key() [1/2]

const bsoncxx::v_noabi::stdx::optional< bsoncxx::v_noabi::document::view_or_value > & mongocxx::v_noabi::options::data_key::master_key ( ) const

Gets the master key.

Returns
An optional document containing the master key.

◆ master_key() [2/2]

data_key & mongocxx::v_noabi::options::data_key::master_key ( bsoncxx::v_noabi::document::view_or_value master_key)

Sets a KMS-specific key used to encrypt the new data key.

If the KMS provider is "aws" the masterKey is required and has the following fields:

{
  region: String,
  key: String,                // The Amazon Resource Name (ARN) to the AWS customer master key (CMK).
  endpoint: Optional<String>  // An alternate host identifier to send KMS requests to. May
                              // include port number. Defaults to
                              // "kms.<region>.amazonaws.com"
}

If the KMS provider is "azure" the masterKey is required and has the following fields:

{
  keyVaultEndpoint: String,     // Host with optional port. Example: "example.vault.azure.net".
  keyName: String,
  keyVersion: Optional<String>  // A specific version of the named key, defaults to using
                                // the key's primary version.
}

If the KMS provider is "gcp" the masterKey is required and has the following fields:

{
  projectId: String,
  location: String,
  keyRing: String,
  keyName: String,
  keyVersion: Optional<String>,  // A specific version of the named key, defaults to using
                                 // the key's primary version.
  endpoint: Optional<String>     // Host with optional port. Defaults to
                                 // "cloudkms.googleapis.com".
}

If the KMS provider is "kmip" the masterKey is required and has the following fields:

{
  keyId: Optional<String>,      // keyId is the KMIP Unique Identifier to a 96 byte KMIP Secret
                                // Data managed object. If keyId is omitted, the driver creates
                                // a random 96 byte KMIP Secret Data managed object.
  endpoint: Optional<String>,   // Host with optional port.
  delegated: Optional<Boolean>  // If true, this key should be decrypted by the KMIP
                                // server.
}

If the KMS provider is "local" the masterKey is not applicable.

Parameters
master_key: The document representing the master key.
Returns
A reference to this object.
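
An added example, not part of the mongocxx documentation or driver: a standalone pre-flight check that applies the masterKey field tables above and the 96-byte keyMaterial rule from key_material() before the options are handed to the driver. The name check_data_key_options and the representation of the masterKey as a set of top-level field names are assumptions made for illustration; the code does not call mongocxx and does not check field value types.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Field names per KMS provider, copied from the masterKey tables on this page.
struct kms_schema { std::set<std::string> required, optional; };

static const std::map<std::string, kms_schema> kSchemas = {
    {"aws",   {{"region", "key"}, {"endpoint"}}},
    {"azure", {{"keyVaultEndpoint", "keyName"}, {"keyVersion"}}},
    {"gcp",   {{"projectId", "location", "keyRing", "keyName"}, {"keyVersion", "endpoint"}}},
    {"kmip",  {{}, {"keyId", "endpoint", "delegated"}}},
};

// Hypothetical pre-flight check. master_key_fields holds the top-level field
// names of the masterKey document; key_material is empty when none is supplied.
// Returns a list of problems; an empty list means the options match the page.
std::vector<std::string> check_data_key_options(
    const std::string& provider,
    const std::set<std::string>& master_key_fields,
    const std::vector<std::uint8_t>& key_material) {
    std::vector<std::string> problems;
    // Custom key material must be exactly 96 bytes when present.
    if (!key_material.empty() && key_material.size() != 96)
        problems.push_back("keyMaterial must be 96 bytes, got " + std::to_string(key_material.size()));
    if (provider == "local") {
        if (!master_key_fields.empty())
            problems.push_back("masterKey is not applicable to the local provider");
        return problems;
    }
    auto it = kSchemas.find(provider);
    if (it == kSchemas.end()) {
        problems.push_back("unknown KMS provider: " + provider);
        return problems;
    }
    const kms_schema& s = it->second;
    for (const auto& f : s.required)
        if (!master_key_fields.count(f)) problems.push_back("missing required field: " + f);
    // Flag names outside the documented set, e.g. a misspelled optional field.
    for (const auto& f : master_key_fields)
        if (!s.required.count(f) && !s.optional.count(f)) problems.push_back("unexpected field: " + f);
    return problems;
}
```
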

The documentation for this class was generated from the following file: