MongoDB C++ Driver  mongocxx-3.10.2
Public Types | Public Member Functions | List of all members
mongocxx::v_noabi::options::data_key Class Reference

Class representing options for data key generation for encryption. More...

#include <data_key.hpp>

Public Types

using key_material_type = std::vector< uint8_t >
 Sets the binary data for the key material. More...
 

Public Member Functions

data_keymaster_key (bsoncxx::v_noabi::document::view_or_value master_key)
 Sets a KMS-specific key used to encrypt the new data key. More...
 
const stdx::optional< bsoncxx::v_noabi::document::view_or_value > & master_key () const
 Gets the master key. More...
 
data_keykey_alt_names (std::vector< std::string > key_alt_names)
 Sets an optional list of string alternate names used to reference the key. More...
 
const std::vector< std::string > & key_alt_names () const
 Gets the alternate names for the data key. More...
 
const stdx::optional< key_material_type > & key_material ()
 Gets the keyMaterial as binary data. More...
 

Detailed Description

Class representing options for data key generation for encryption.

Member Typedef Documentation

◆ key_material_type

Sets the binary data for the key material.

An optional BinData of 96 bytes to use as custom key material for the data key being created. If keyMaterial is given, the custom key material is used for encrypting and decrypting data.

Otherwise, the key material for the new data key is generated from a cryptographically secure random device.

Parameters
key_materialThe binary data for the keyMaterial
Returns
A reference to this object.
See also
https://www.mongodb.com/docs/v6.0/reference/method/KeyVault.createKey/

Member Function Documentation

◆ key_alt_names() [1/2]

const std::vector<std::string>& mongocxx::v_noabi::options::data_key::key_alt_names ( ) const

Gets the alternate names for the data key.

Returns
The alternate names for the data key.

◆ key_alt_names() [2/2]

data_key& mongocxx::v_noabi::options::data_key::key_alt_names ( std::vector< std::string >  key_alt_names)

Sets an optional list of string alternate names used to reference the key.

If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.

Parameters
key_alt_namesThe alternate names for the key.
Returns
A reference to this object.
See also
https://www.mongodb.com/docs/manual/reference/method/getClientEncryption/

◆ key_material()

const stdx::optional<key_material_type>& mongocxx::v_noabi::options::data_key::key_material ( )

Gets the keyMaterial as binary data.

Returns
The binary data for the key material
See also
https://www.mongodb.com/docs/v6.0/reference/method/KeyVault.createKey/

◆ master_key() [1/2]

const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& mongocxx::v_noabi::options::data_key::master_key ( ) const

Gets the master key.

Returns
An optional document containing the master key.

◆ master_key() [2/2]

data_key& mongocxx::v_noabi::options::data_key::master_key ( bsoncxx::v_noabi::document::view_or_value  master_key)

Sets a KMS-specific key used to encrypt the new data key.

If the KMS provider is "aws" the masterKey is required and has the following fields:

{ region: String, key: String, // The Amazon Resource Name (ARN) to the AWS customer master key (CMK). endpoint: Optional<String> // An alternate host identifier to send KMS requests to. May include port number. Defaults to "kms.<region>.amazonaws.com" }

If the KMS provider is "azure" the masterKey is required and has the following fields:

{ keyVaultEndpoint: String, // Host with optional port. Example: "example.vault.azure.net". keyName: String, keyVersion: Optional<String> // A specific version of the named key, defaults to using the key's primary version. }

If the KMS provider is "gcp" the masterKey is required and has the following fields:

{ projectId: String, location: String, keyRing: String, keyName: String, keyVersion: Optional<String>, // A specific version of the named key, defaults to using the key's primary version. endpoint: Optional<String> // Host with optional port. Defaults to "cloudkms.googleapis.com". }

If the KMS provider is "kmip" the masterKey is required and has the following fields:

{ }

If the KMS provider is "local" the masterKey is not applicable.

Parameters
master_keyThe document representing the master key.
Returns
A reference to this object.
See also
https://www.mongodb.com/docs/manual/core/security-client-side-encryption-key-management/

The documentation for this class was generated from the following file: