MongoDB C++ Driver  mongocxx-3.7.0
mongocxx::options::client_encryption Class Reference

Class representing options for the object managing explicit client-side encryption.

#include <client_encryption.hpp>

Public Types

using ns_pair = std::pair< std::string, std::string >
 Sets the namespace to use to access the key vault collection, which contains all data keys used for encryption and decryption.
 

Public Member Functions

client_encryption & key_vault_client (mongocxx::client *client)
 When the key vault collection is on a separate MongoDB cluster, sets the optional client to use to route data key queries to that cluster.

const stdx::optional< mongocxx::client * > & key_vault_client () const
 Gets the key vault client.

const stdx::optional< ns_pair > & key_vault_namespace () const
 Gets the key vault namespace.

client_encryption & kms_providers (bsoncxx::document::view_or_value kms_providers)
 Sets the KMS providers to use for client side encryption.

const stdx::optional< bsoncxx::document::view_or_value > & kms_providers () const
 Gets the KMS providers.

client_encryption & tls_opts (bsoncxx::document::view_or_value tls_opts)
 Sets the TLS options to use for client side encryption with a given KMS provider.

const stdx::optional< bsoncxx::document::view_or_value > & tls_opts () const
 Gets the TLS options.
 

Friends

class mongocxx::client_encryption
 

Detailed Description

Class representing options for the object managing explicit client-side encryption.

Member Typedef Documentation

◆ ns_pair

using mongocxx::options::client_encryption::ns_pair = std::pair<std::string, std::string>

Sets the namespace to use to access the key vault collection, which contains all data keys used for encryption and decryption.

This option must be set:

client_encryption.key_vault_namespace({ "db", "coll" });

Parameters
ns: A std::pair of strings representing the db and collection to use to access the key vault.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

Member Function Documentation

◆ key_vault_client() [1/2]

const stdx::optional<mongocxx::client*>& mongocxx::options::client_encryption::key_vault_client ( ) const

Gets the key vault client.

Returns
An optional pointer to the key vault client.

◆ key_vault_client() [2/2]

client_encryption& mongocxx::options::client_encryption::key_vault_client ( mongocxx::client * client)

When the key vault collection is on a separate MongoDB cluster, sets the optional client to use to route data key queries to that cluster.

Parameters
client: A client to use for routing queries to the key vault collection.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

◆ key_vault_namespace()

const stdx::optional<ns_pair>& mongocxx::options::client_encryption::key_vault_namespace ( ) const

Gets the key vault namespace.

Returns
An optional pair of strings representing the namespace of the key vault collection.

◆ kms_providers() [1/2]

const stdx::optional<bsoncxx::document::view_or_value>& mongocxx::options::client_encryption::kms_providers ( ) const

Gets the KMS providers.

Returns
An optional document containing the KMS providers.

◆ kms_providers() [2/2]

client_encryption& mongocxx::options::client_encryption::kms_providers ( bsoncxx::document::view_or_value  kms_providers)

Sets the KMS providers to use for client side encryption.

Multiple KMS providers may be specified. Supported KMS providers are "aws", "azure", "gcp", "kmip", and "local". The kmsProviders map values differ by provider:

aws: {
   accessKeyId: String,
   secretAccessKey: String
}

azure: {
   tenantId: String,
   clientId: String,
   clientSecret: String,
   identityPlatformEndpoint: Optional<String> // Defaults to login.microsoftonline.com
}

gcp: {
   email: String,
   privateKey: byte[] or String, // May be passed as a base64 encoded string.
   endpoint: Optional<String> // Defaults to oauth2.googleapis.com
}

kmip: {
   endpoint: String
}

local: {
   key: byte[96] // The master key used to encrypt/decrypt data keys.
}

Parameters
kms_providers: A document containing the KMS providers.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/

◆ tls_opts() [1/2]

const stdx::optional<bsoncxx::document::view_or_value>& mongocxx::options::client_encryption::tls_opts ( ) const

Gets the TLS options.

Returns
An optional document containing the TLS options.

◆ tls_opts() [2/2]

client_encryption& mongocxx::options::client_encryption::tls_opts ( bsoncxx::document::view_or_value  tls_opts)

Sets the TLS options to use for client side encryption with a given KMS provider.

Multiple KMS providers may be specified. Supported KMS providers are "aws", "azure", "gcp", and "kmip". The map value has the same form for all supported providers:

<KMS provider name>: {
   tlsCaFile: Optional<String>
   tlsCertificateKeyFile: Optional<String>
   tlsCertificateKeyFilePassword: Optional<String>
}

Parameters
tls_opts: A document containing the TLS options.
Returns
A reference to this object to facilitate method chaining.
See also
https://docs.mongodb.com/manual/core/security-client-side-encryption/
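
A pre-flight check for the two maps described under kms_providers() and tls_opts(), as an added example that is not part of the mongocxx documentation or the driver: it verifies provider names, the documented field names and the 96-byte local key before the documents are built and passed to the setters. The Fields and ProviderMap types and check_options() are hypothetical helpers, not driver API, and the sample values are constructed.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>
// Assumed plain-C++ mirror of the documented maps (provider -> field -> value); not driver API.
using Fields = std::map<std::string, std::string>;  // raw key bytes travel in a std::string
using ProviderMap = std::map<std::string, Fields>;
struct Spec { std::set<std::string> required, optional; };
// Field lists copied from the kms_providers() description on this page.
static const std::map<std::string, Spec> kKmsSpec = {
    {"aws",   {{"accessKeyId", "secretAccessKey"}, {}}},
    {"azure", {{"tenantId", "clientId", "clientSecret"}, {"identityPlatformEndpoint"}}},
    {"gcp",   {{"email", "privateKey"}, {"endpoint"}}},
    {"kmip",  {{"endpoint"}, {}}},
    {"local", {{"key"}, {}}}};
// tls_opts() documents the same three fields for every provider and does not list "local".
static const std::set<std::string> kTlsProviders = {"aws", "azure", "gcp", "kmip"};
static const std::set<std::string> kTlsFields = {
    "tlsCaFile", "tlsCertificateKeyFile", "tlsCertificateKeyFilePassword"};

// Returns one message per deviation from the documented shapes; empty means OK.
std::vector<std::string> check_options(const ProviderMap& kms, const ProviderMap& tls) {
    std::vector<std::string> out;
    for (const auto& p : kms) {
        const auto spec = kKmsSpec.find(p.first);
        if (spec == kKmsSpec.end()) { out.push_back("kms: unsupported provider " + p.first); continue; }
        for (const auto& req : spec->second.required)
            if (!p.second.count(req) || p.second.at(req).empty())
                out.push_back("kms." + p.first + ": missing " + req);
        for (const auto& f : p.second)
            if (!spec->second.required.count(f.first) && !spec->second.optional.count(f.first))
                out.push_back("kms." + p.first + ": unknown field " + f.first);
        if (p.first == "local" && p.second.count("key") && p.second.at("key").size() != 96)
            out.push_back("kms.local: key must be exactly 96 bytes");
    }
    for (const auto& p : tls) {
        if (!kTlsProviders.count(p.first)) { out.push_back("tls: unsupported provider " + p.first); continue; }
        for (const auto& f : p.second)
            if (!kTlsFields.count(f.first)) out.push_back("tls." + p.first + ": unknown field " + f.first);
    }
    return out;
}

int main() {  // constructed sample: 32-byte local key, TLS options given for "local"
    ProviderMap kms = {{"local", {{"key", std::string(32, 'k')}}}};
    ProviderMap tls = {{"local", {{"tlsCaFile", "ca.pem"}}}};
    for (const auto& m : check_options(kms, tls)) std::printf("%s\n", m.c_str());
}
```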

The documentation for this class was generated from the following file: