MongoDB C++ Driver mongocxx-3.11.0
|
#include <mongocxx/v_noabi/mongocxx/options/data_key.hpp>
Class representing options for data key generation for encryption.
Public Types | |
using | key_material_type = std::vector<uint8_t> |
Represents binary data used to represent key material. | |
Public Member Functions | |
const std::vector< std::string > & | key_alt_names () const |
Gets the alternate names for the data key. | |
data_key & | key_alt_names (std::vector< std::string > key_alt_names) |
Sets an optional list of string alternate names used to reference the key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id. | |
const stdx::optional< key_material_type > & | key_material () |
Gets the keyMaterial as binary data. | |
data_key & | key_material (key_material_type key_material) |
Sets the binary data for the key material. | |
const stdx::optional< bsoncxx::v_noabi::document::view_or_value > & | master_key () const |
Gets the master key. | |
data_key & | master_key (bsoncxx::v_noabi::document::view_or_value master_key) |
Sets a KMS-specific key used to encrypt the new data key. | |
using mongocxx::v_noabi::options::data_key::key_material_type = std::vector<uint8_t> |
Represents binary data used to represent key material.
const std::vector< std::string > & mongocxx::v_noabi::options::data_key::key_alt_names | ( | ) | const |
Gets the alternate names for the data key.
data_key & mongocxx::v_noabi::options::data_key::key_alt_names | ( | std::vector< std::string > | key_alt_names | ) |
Sets an optional list of string alternate names used to reference the key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.
key_alt_names | The alternate names for the key. |
const stdx::optional< key_material_type > & mongocxx::v_noabi::options::data_key::key_material | ( | ) |
Gets the keyMaterial as binary data.
data_key & mongocxx::v_noabi::options::data_key::key_material | ( | key_material_type | key_material | ) |
Sets the binary data for the key material.
An optional BinData of 96 bytes to use as custom key material for the data key being created. If keyMaterial is given, the custom key material is used for encrypting and decrypting data.
Otherwise, the key material for the new data key is generated from a cryptographically secure random device.
key_material | The binary data for the keyMaterial |
const stdx::optional< bsoncxx::v_noabi::document::view_or_value > & mongocxx::v_noabi::options::data_key::master_key | ( | ) | const |
Gets the master key.
data_key & mongocxx::v_noabi::options::data_key::master_key | ( | bsoncxx::v_noabi::document::view_or_value | master_key | ) |
Sets a KMS-specific key used to encrypt the new data key.
If the KMS provider is "aws" the masterKey is required and has the following fields:
{ region: String, key: String, // The Amazon Resource Name (ARN) to the AWS customer master key (CMK). endpoint: Optional<String> // An alternate host identifier to send KMS requests to. May include port number. Defaults to "kms.<region>.amazonaws.com" }
If the KMS provider is "azure" the masterKey is required and has the following fields:
{ keyVaultEndpoint: String, // Host with optional port. Example: "example.vault.azure.net". keyName: String, keyVersion: Optional<String> // A specific version of the named key, defaults to using the key's primary version. }
If the KMS provider is "gcp" the masterKey is required and has the following fields:
{ projectId: String, location: String, keyRing: String, keyName: String, keyVersion: Optional<String>, // A specific version of the named key, defaults to using the key's primary version. endpoint: Optional<String> // Host with optional port. Defaults to "cloudkms.googleapis.com". }
If the KMS provider is "kmip" the masterKey is required and has the following fields:
{ }
If the KMS provider is "local" the masterKey is not applicable.
master_key | The document representing the master key. |