MongoDB C++ Driver
mongocxx-3.10.2
Class representing options for data key generation for encryption.
#include <data_key.hpp>
Public Types
using key_material_type = std::vector< uint8_t >
    Sets the binary data for the key material.
Public Member Functions
data_key & master_key (bsoncxx::v_noabi::document::view_or_value master_key)
    Sets a KMS-specific key used to encrypt the new data key.
const stdx::optional< bsoncxx::v_noabi::document::view_or_value > & master_key () const
    Gets the master key.
data_key & key_alt_names (std::vector< std::string > key_alt_names)
    Sets an optional list of string alternate names used to reference the key.
const std::vector< std::string > & key_alt_names () const
    Gets the alternate names for the data key.
const stdx::optional< key_material_type > & key_material ()
    Gets the keyMaterial as binary data.
Class representing options for data key generation for encryption.
using mongocxx::v_noabi::options::data_key::key_material_type = std::vector<uint8_t>
Sets the binary data for the key material.
An optional BinData of 96 bytes to use as custom key material for the data key being created. If keyMaterial is given, the custom key material is used for encrypting and decrypting data.
Otherwise, the key material for the new data key is generated from a cryptographically secure random device.
Parameters:
    key_material: The binary data for the keyMaterial.
const std::vector<std::string>& mongocxx::v_noabi::options::data_key::key_alt_names() const
Gets the alternate names for the data key.
data_key& mongocxx::v_noabi::options::data_key::key_alt_names(std::vector<std::string> key_alt_names)
Sets an optional list of string alternate names used to reference the key.
If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.
Parameters:
    key_alt_names: The alternate names for the key.
const stdx::optional<key_material_type>& mongocxx::v_noabi::options::data_key::key_material()
Gets the keyMaterial as binary data.
const stdx::optional<bsoncxx::v_noabi::document::view_or_value>& mongocxx::v_noabi::options::data_key::master_key() const
Gets the master key.
data_key& mongocxx::v_noabi::options::data_key::master_key(bsoncxx::v_noabi::document::view_or_value master_key)
Sets a KMS-specific key used to encrypt the new data key.
If the KMS provider is "aws" the masterKey is required and has the following fields:
{
   region: String,
   key: String, // The Amazon Resource Name (ARN) to the AWS customer master key (CMK).
   endpoint: Optional<String> // An alternate host identifier to send KMS requests to. May include port number. Defaults to "kms.<region>.amazonaws.com"
}
If the KMS provider is "azure" the masterKey is required and has the following fields:
{
   keyVaultEndpoint: String, // Host with optional port. Example: "example.vault.azure.net".
   keyName: String,
   keyVersion: Optional<String> // A specific version of the named key, defaults to using the key's primary version.
}
If the KMS provider is "gcp" the masterKey is required and has the following fields:
{
   projectId: String,
   location: String,
   keyRing: String,
   keyName: String,
   keyVersion: Optional<String>, // A specific version of the named key, defaults to using the key's primary version.
   endpoint: Optional<String> // Host with optional port. Defaults to "cloudkms.googleapis.com".
}
If the KMS provider is "kmip" the masterKey is required and has the following fields:
{ }
If the KMS provider is "local" the masterKey is not applicable.
Parameters:
    master_key: The document representing the master key.
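A pre-flight check for the masterKey layouts and the 96-byte keyMaterial rule described above, as an added example that is not part of the mongocxx documentation or API. It uses only the standard library: `master_key_fields`, `check_master_key` and `key_material_ok` are hypothetical names, a string map stands in for the BSON document, and "kmip" is left out because this page lists no fields for it.

```cpp
// Added example: not mongocxx code. All names below are hypothetical.
#include <algorithm>
#include <cstdint>
#include <functional>
#include <map>
#include <set>
#include <string>
#include <vector>

// Stand-in for the masterKey BSON document: field name -> string value.
using master_key_fields = std::map<std::string, std::string>;

struct field_spec {
    std::set<std::string> required;
    std::set<std::string> optional;
};

// Field names copied from the masterKey layouts documented on this page.
static const std::map<std::string, field_spec> k_specs = {
    {"aws", {{"region", "key"}, {"endpoint"}}},
    {"azure", {{"keyVaultEndpoint", "keyName"}, {"keyVersion"}}},
    {"gcp", {{"projectId", "location", "keyRing", "keyName"}, {"keyVersion", "endpoint"}}},
};

// Returns an empty string when the masterKey is acceptable, else the reason.
std::string check_master_key(const std::string& provider, const master_key_fields& mk) {
    if (provider == "local")
        return mk.empty() ? "" : "masterKey is not applicable for local";
    const auto spec = k_specs.find(provider);
    if (spec == k_specs.end()) return "no field list for provider: " + provider;
    for (const auto& name : spec->second.required) {
        const auto field = mk.find(name);
        if (field == mk.end() || field->second.empty())
            return "missing required field: " + name;
    }
    for (const auto& entry : mk) {  // catches typos such as "keyVerison"
        if (!spec->second.required.count(entry.first) && !spec->second.optional.count(entry.first))
            return "unexpected field: " + entry.first;
    }
    return "";
}

// Custom keyMaterial must be exactly 96 bytes (per this page).
bool key_material_ok(const std::vector<std::uint8_t>& km) {
    if (km.size() != 96) return false;
    // Extra check, an assumption of this example: a buffer of one repeated
    // byte is treated as an uninitialised placeholder, not key material.
    return std::adjacent_find(km.begin(), km.end(), std::not_equal_to<std::uint8_t>()) != km.end();
}
```

Running such checks before building the document passed to master_key() turns a misspelled or missing field into a local error instead of a failed KMS request.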