MongoDB C++ Driver  mongocxx-3.7.0
Public Types | Public Member Functions | Friends | List of all members
mongocxx::options::auto_encryption Class Reference

Class representing options for automatic client-side encryption. More...

#include <auto_encryption.hpp>

Public Types

using ns_pair = std::pair< std::string, std::string >
 Sets the namespace to use to access the key vault collection, which contains all data keys used for encryption and decryption. More...
 

Public Member Functions

 auto_encryption () noexcept
 Default constructs a new auto_encryption object.
 
auto_encryptionkey_vault_client (client *client)
 When the key vault collection is on a separate MongoDB cluster, sets the optional client to use to route data key queries to that cluster. More...
 
const stdx::optional< client * > & key_vault_client () const
 Gets the key vault client. More...
 
auto_encryptionkey_vault_pool (pool *pool)
 When the key vault collection is on a separate MongoDB cluster, sets the optional client pool to use to route data key queries to that cluster. More...
 
const stdx::optional< pool * > & key_vault_pool () const
 Gets the key vault pool. More...
 
const stdx::optional< ns_pair > & key_vault_namespace () const
 Gets the key vault namespace. More...
 
auto_encryptionkms_providers (bsoncxx::document::view_or_value kms_providers)
 Sets the KMS providers to use for client side encryption. More...
 
const stdx::optional< bsoncxx::document::view_or_value > & kms_providers () const
 Gets the KMS providers. More...
 
auto_encryptiontls_opts (bsoncxx::document::view_or_value tls_opts)
 Sets the TLS options to use for client side encryption with a given KMS provider. More...
 
const stdx::optional< bsoncxx::document::view_or_value > & tls_opts () const
 Gets the TLS options. More...
 
auto_encryptionschema_map (bsoncxx::document::view_or_value schema_map)
 Sets a local JSON schema. More...
 
const stdx::optional< bsoncxx::document::view_or_value > & schema_map () const
 Gets the schema map. More...
 
auto_encryptionbypass_auto_encryption (bool should_bypass)
 Automatic encryption is disabled when the 'bypassAutoEncryption' option is true. More...
 
bool bypass_auto_encryption () const
 Gets a boolean specifying whether or not auto encryption is bypassed. More...
 
auto_encryptionextra_options (bsoncxx::document::view_or_value extra)
 Set extra options related to the mongocryptd process. More...
 
const stdx::optional< bsoncxx::document::view_or_value > & extra_options () const
 Gets extra options related to the mongocryptd process. More...
 

Friends

class mongocxx::client
 
class mongocxx::pool
 

Detailed Description

Class representing options for automatic client-side encryption.

Member Typedef Documentation

◆ ns_pair

using mongocxx::options::auto_encryption::ns_pair = std::pair<std::string, std::string>

Sets the namespace to use to access the key vault collection, which contains all data keys used for encryption and decryption.

This option must be set:

auto_encryption.key_vault_namespace({ "db", "coll" });

Parameters
nsA std::pair of strings representing the db and collection to use to access the key vault.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

Member Function Documentation

◆ bypass_auto_encryption() [1/2]

bool mongocxx::options::auto_encryption::bypass_auto_encryption ( ) const

Gets a boolean specifying whether or not auto encryption is bypassed.

Returns
A boolean specifying whether auto encryption is bypassed.

◆ bypass_auto_encryption() [2/2]

auto_encryption& mongocxx::options::auto_encryption::bypass_auto_encryption ( bool  should_bypass)

Automatic encryption is disabled when the 'bypassAutoEncryption' option is true.

Default is 'false,' so auto encryption is enabled.

Parameters
should_bypassWhether or not to bypass automatic encryption.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

◆ extra_options() [1/2]

const stdx::optional<bsoncxx::document::view_or_value>& mongocxx::options::auto_encryption::extra_options ( ) const

Gets extra options related to the mongocryptd process.

Returns
An optional document containing the extra options.

◆ extra_options() [2/2]

auto_encryption& mongocxx::options::auto_encryption::extra_options ( bsoncxx::document::view_or_value  extra)

Set extra options related to the mongocryptd process.

This options document may include the following fields:

  • mongocryptdURI: string, defaults to "mongodb://localhost:27020".
  • mongocryptdBypassSpawn: bool, defaults to false.
  • mongocryptdSpawnPath: string, defaults to "" and spawns mongocryptd from the system path.
  • mongocryptdSpawnArgs: array[strings], options passed to mongocryptd when spawing. Defaults to ["--idleShutdownTimeoutSecs=60"].
Parameters
extraThe extra options to set.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

◆ key_vault_client() [1/2]

const stdx::optional<client*>& mongocxx::options::auto_encryption::key_vault_client ( ) const

Gets the key vault client.

Returns
An optional pointer to the key vault client.

◆ key_vault_client() [2/2]

auto_encryption& mongocxx::options::auto_encryption::key_vault_client ( client client)

When the key vault collection is on a separate MongoDB cluster, sets the optional client to use to route data key queries to that cluster.

The given key vault client MUST outlive any client that has been enabled to use it through these options.

Parameters
clientA client to use for routing queries to the key vault collection.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

◆ key_vault_namespace()

const stdx::optional<ns_pair>& mongocxx::options::auto_encryption::key_vault_namespace ( ) const

Gets the key vault namespace.

Returns
An optional pair of strings representing the namespace of the key vault collection.

◆ key_vault_pool() [1/2]

const stdx::optional<pool*>& mongocxx::options::auto_encryption::key_vault_pool ( ) const

Gets the key vault pool.

Returns
An optional pointer to the key vault pool.

◆ key_vault_pool() [2/2]

auto_encryption& mongocxx::options::auto_encryption::key_vault_pool ( pool pool)

When the key vault collection is on a separate MongoDB cluster, sets the optional client pool to use to route data key queries to that cluster.

This option may not be used if a key_vault_client is set.

The given key vault pool MUST outlive any pool that has been enabled to use it through these options.

May only be set when enabling automatic encryption on a pool.

Parameters
poolA pool to use for routing queries to the key vault collection.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

◆ kms_providers() [1/2]

const stdx::optional<bsoncxx::document::view_or_value>& mongocxx::options::auto_encryption::kms_providers ( ) const

Gets the KMS providers.

Returns
An optional document containing the KMS providers.

◆ kms_providers() [2/2]

auto_encryption& mongocxx::options::auto_encryption::kms_providers ( bsoncxx::document::view_or_value  kms_providers)

Sets the KMS providers to use for client side encryption.

Multiple KMS providers may be specified. The following KMS providers are supported: "aws", "azure", "gcp", "kmip", and "local". The kmsProviders map values differ by provider:

aws: { accessKeyId: String, secretAccessKey: String }

azure: { tenantId: String, clientId: String, clientSecret: String, identityPlatformEndpoint: Optional<String> // Defaults to login.microsoftonline.com }

gcp: { email: String, privateKey: byte[] or String, // May be passed as a base64 encoded string. endpoint: Optional<String> // Defaults to oauth2.googleapis.com }

kmip: { endpoint: String }

local: { key: byte[96] // The master key used to encrypt/decrypt data keys. }

Parameters
kms_providersA document containing the KMS providers.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

◆ schema_map() [1/2]

const stdx::optional<bsoncxx::document::view_or_value>& mongocxx::options::auto_encryption::schema_map ( ) const

Gets the schema map.

Returns
An optional document containing the schema map.

◆ schema_map() [2/2]

auto_encryption& mongocxx::options::auto_encryption::schema_map ( bsoncxx::document::view_or_value  schema_map)

Sets a local JSON schema.

Supplying a schemaMap provides more security than relying on JSON schemas obtained from the server. It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending unencrypted data that should be encrypted.

Schemas supplied in the schemaMap only apply to configuring automatic encryption for client side encryption. Other validation rules in the JSON schema will not be enforced by the driver and will result in an error.

Parameters
schema_mapThe JSON schema to use.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

◆ tls_opts() [1/2]

const stdx::optional<bsoncxx::document::view_or_value>& mongocxx::options::auto_encryption::tls_opts ( ) const

Gets the TLS options.

Returns
An optional document containing the TLS options.

◆ tls_opts() [2/2]

auto_encryption& mongocxx::options::auto_encryption::tls_opts ( bsoncxx::document::view_or_value  tls_opts)

Sets the TLS options to use for client side encryption with a given KMS provider.

Multiple KMS providers may be specified. Supported KMS providers are "aws", "azure", "gcp", and "kmip". The map value has the same form for all supported providers:

<KMS provider name>: { tlsCaFile: Optional<String> tlsCertificateKeyFile: Optional<String> tlsCertificateKeyFilePassword: Optional<String> }

Parameters
tls_optsA document containing the TLS options.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

The documentation for this class was generated from the following file: