MongoDB C++ Driver
mongocxx-3.10.2
Class representing options for automatic client-side encryption.
#include <auto_encryption.hpp>
Public Types
using ns_pair = std::pair<std::string, std::string>
Sets the namespace to use to access the key vault collection, which contains all data keys used for encryption and decryption.
Public Member Functions
auto_encryption() noexcept
Default constructs a new auto_encryption object.
auto_encryption& key_vault_client(mongocxx::v_noabi::client* client)
When the key vault collection is on a separate MongoDB cluster, sets the optional client to use to route data key queries to that cluster.
const stdx::optional<mongocxx::v_noabi::client*>& key_vault_client() const
Gets the key vault client.
auto_encryption& key_vault_pool(mongocxx::v_noabi::pool* pool)
When the key vault collection is on a separate MongoDB cluster, sets the optional client pool to use to route data key queries to that cluster.
const stdx::optional<mongocxx::v_noabi::pool*>& key_vault_pool() const
Gets the key vault pool.
const stdx::optional<ns_pair>& key_vault_namespace() const
Gets the key vault namespace.
auto_encryption& kms_providers(bsoncxx::v_noabi::document::view_or_value kms_providers)
Sets the KMS providers to use for client side encryption.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& kms_providers() const
Gets the KMS providers.
auto_encryption& tls_opts(bsoncxx::v_noabi::document::view_or_value tls_opts)
Sets the TLS options to use for client side encryption with a given KMS provider.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& tls_opts() const
Gets the TLS options.
auto_encryption& schema_map(bsoncxx::v_noabi::document::view_or_value schema_map)
Sets a local JSON schema.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& schema_map() const
Gets the schema map.
auto_encryption& encrypted_fields_map(bsoncxx::v_noabi::document::view_or_value encrypted_fields_map)
Sets the local encrypted fields map.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& encrypted_fields_map() const
Gets the encrypted fields map.
auto_encryption& bypass_auto_encryption(bool should_bypass)
Automatic encryption is disabled when the 'bypassAutoEncryption' option is true.
bool bypass_auto_encryption() const
Gets a boolean specifying whether or not auto encryption is bypassed.
auto_encryption& bypass_query_analysis(bool should_bypass)
Query analysis is disabled when the 'bypassQueryAnalysis' option is true.
bool bypass_query_analysis() const
Gets a boolean specifying whether or not query analysis is bypassed.
auto_encryption& extra_options(bsoncxx::v_noabi::document::view_or_value extra)
Set extra options related to the mongocryptd process.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& extra_options() const
Gets extra options related to the mongocryptd process.
Class representing options for automatic client-side encryption.
using mongocxx::v_noabi::options::auto_encryption::ns_pair = std::pair<std::string, std::string>
Sets the namespace to use to access the key vault collection, which contains all data keys used for encryption and decryption.
This option must be set:
auto_encryption.key_vault_namespace({ "db", "coll" });
Parameters: ns - A std::pair of strings representing the db and collection to use to access the key vault.
bool mongocxx::v_noabi::options::auto_encryption::bypass_auto_encryption() const
Gets a boolean specifying whether or not auto encryption is bypassed.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::bypass_auto_encryption(bool should_bypass)
Automatic encryption is disabled when the 'bypassAutoEncryption' option is true.
Default is 'false', so auto encryption is enabled.
Parameters: should_bypass - Whether or not to bypass automatic encryption.
bool mongocxx::v_noabi::options::auto_encryption::bypass_query_analysis() const
Gets a boolean specifying whether or not query analysis is bypassed.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::bypass_query_analysis(bool should_bypass)
Query analysis is disabled when the 'bypassQueryAnalysis' option is true.
Default is 'false' (i.e. query analysis is enabled).
Parameters: should_bypass - Whether or not to bypass query analysis.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& mongocxx::v_noabi::options::auto_encryption::encrypted_fields_map() const
Gets the encrypted fields map.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::encrypted_fields_map(bsoncxx::v_noabi::document::view_or_value encrypted_fields_map)
Sets the local encrypted fields map.
Supplying an encryptedFieldsMap provides more security than relying on an encryptedFields obtained from the server. It protects against a malicious server advertising a false encryptedFields.
Parameters: encrypted_fields_map - The mapping of which fields to encrypt.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& mongocxx::v_noabi::options::auto_encryption::extra_options() const
Gets extra options related to the mongocryptd process.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::extra_options(bsoncxx::v_noabi::document::view_or_value extra)
Set extra options related to the mongocryptd process.
This options document may include the following fields:
cryptSharedLibPath - Set a filepath string referring to a crypt_shared library file. Unset by default. If not set (the default), libmongocrypt will attempt to load crypt_shared using the host system’s default dynamic-library-search system.
If set, the given path should identify the crypt_shared dynamic library file itself, not the directory that contains it.
If the given path is a relative path and the first path component is $ORIGIN, the $ORIGIN component will be replaced with the absolute path to the directory containing the libmongocrypt library in use by the application.
Note: No other RPATH/RUNPATH-style substitutions are available. If the given path is a relative path, the path will be resolved relative to the working directory of the operating system process.
If this option is set and libmongocrypt fails to load crypt_shared from the given filepath, libmongocrypt will fail to initialize and will not attempt to search for crypt_shared in any other locations.
cryptSharedLibRequired - If set to true, and libmongocrypt fails to load a crypt_shared library, initialization of auto-encryption will fail immediately and will not attempt to spawn mongocryptd.
If set to false (the default), cryptSharedLibPath is not set, and libmongocrypt fails to load crypt_shared, then libmongocrypt will proceed without crypt_shared and fall back to using mongocryptd.
Parameters: extra - The extra options to set.
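The cryptSharedLibPath and cryptSharedLibRequired rules above, written out as a pre-flight check that flags a configured path which would move with the process working directory. This is an added example, not part of the mongocxx documentation or driver code; the names `resolve_crypt_shared`, `outcome` and `preflight` and the sample paths are assumptions.

```cpp
#include <filesystem>
#include <iostream>
#include <string>

namespace fs = std::filesystem;

// Hypothetical helper names; the rules they encode are the ones stated above.
enum class load_result { crypt_shared, mongocryptd_fallback, init_failure };

struct preflight {
    fs::path resolved;   // where crypt_shared would be looked up
    bool cwd_dependent;  // true if the lookup moves with the working directory
};

// Resolve a configured cryptSharedLibPath without touching the filesystem.
preflight resolve_crypt_shared(const fs::path& configured,
                               const fs::path& libmongocrypt_dir,
                               const fs::path& cwd) {
    if (configured.is_absolute())
        return {configured.lexically_normal(), false};
    auto it = configured.begin();
    if (it != configured.end() && it->string() == "$ORIGIN") {
        fs::path out = libmongocrypt_dir;  // $ORIGIN -> directory of libmongocrypt
        for (++it; it != configured.end(); ++it) out /= *it;
        return {out.lexically_normal(), false};
    }
    // No other substitution exists: the path follows the process cwd.
    return {(cwd / configured).lexically_normal(), true};
}

// What initialization does once the load attempt has succeeded or failed.
load_result outcome(bool path_set, bool lib_required, bool load_ok) {
    if (load_ok) return load_result::crypt_shared;
    if (path_set || lib_required) return load_result::init_failure;
    return load_result::mongocryptd_fallback;  // only when neither option is set
}

int main() {
    // Constructed sample paths, not taken from any real deployment.
    for (const char* cfg : {"$ORIGIN/../crypt/mongo_crypt_v1.so", "lib/mongo_crypt_v1.so"}) {
        preflight p = resolve_crypt_shared(cfg, "/opt/app/lib", "/tmp/work");
        std::cout << cfg << " -> " << p.resolved
                  << (p.cwd_dependent ? "  [depends on cwd]" : "") << "\n";
    }
}
```

A result with `cwd_dependent` set means the library that gets loaded depends on where the process was started; an absolute or `$ORIGIN`-anchored path avoids that.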
const stdx::optional<mongocxx::v_noabi::client*>& mongocxx::v_noabi::options::auto_encryption::key_vault_client() const
Gets the key vault client.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::key_vault_client(mongocxx::v_noabi::client* client)
When the key vault collection is on a separate MongoDB cluster, sets the optional client to use to route data key queries to that cluster.
The given key vault client MUST outlive any client that has been enabled to use it through these options.
Parameters: client - A client to use for routing queries to the key vault collection.
const stdx::optional<ns_pair>& mongocxx::v_noabi::options::auto_encryption::key_vault_namespace() const
Gets the key vault namespace.
const stdx::optional<mongocxx::v_noabi::pool*>& mongocxx::v_noabi::options::auto_encryption::key_vault_pool() const
Gets the key vault pool.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::key_vault_pool(mongocxx::v_noabi::pool* pool)
When the key vault collection is on a separate MongoDB cluster, sets the optional client pool to use to route data key queries to that cluster.
This option may not be used if a key_vault_client is set.
The given key vault pool MUST outlive any pool that has been enabled to use it through these options.
May only be set when enabling automatic encryption on a pool.
Parameters: pool - A pool to use for routing queries to the key vault collection.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& mongocxx::v_noabi::options::auto_encryption::kms_providers() const
Gets the KMS providers.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::kms_providers(bsoncxx::v_noabi::document::view_or_value kms_providers)
Sets the KMS providers to use for client side encryption.
Multiple KMS providers may be specified. The following KMS providers are supported: "aws", "azure", "gcp", "kmip", and "local". The kmsProviders map values differ by provider:
Parameters: kms_providers - A document containing the KMS providers.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& mongocxx::v_noabi::options::auto_encryption::schema_map() const
Gets the schema map.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::schema_map(bsoncxx::v_noabi::document::view_or_value schema_map)
Sets a local JSON schema.
Supplying a schemaMap provides more security than relying on JSON schemas obtained from the server. It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending unencrypted data that should be encrypted.
Schemas supplied in the schemaMap only apply to configuring automatic encryption for client side encryption. Other validation rules in the JSON schema will not be enforced by the driver and will result in an error.
Parameters: schema_map - The JSON schema to use.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& mongocxx::v_noabi::options::auto_encryption::tls_opts() const
Gets the TLS options.
auto_encryption& mongocxx::v_noabi::options::auto_encryption::tls_opts(bsoncxx::v_noabi::document::view_or_value tls_opts)
Sets the TLS options to use for client side encryption with a given KMS provider.
Multiple KMS providers may be specified. Supported KMS providers are "aws", "azure", "gcp", and "kmip". The map value has the same form for all supported providers:
Parameters: tls_opts - A document containing the TLS options.