mongocxx::v1::client_encryption Class Reference

#include <mongocxx/v1/client_encryption.hpp>

Description

Support for MongoDB In-Use Encryption.

Provides interfaces to support both Queryable Encryption and Client-Side Field Level Encryption (CSFLE).

See also

• Client Side Encryption (MongoDB Specifications)
• In-Use Encryption (MongoDB Manual)
  • Queryable Encryption
  • CSFLE

Attention

This feature is experimental! It is not ready for use!

Classes
class	options
	Options for mongocxx::v1::client_encryption. More...

Public Member Functions
	client_encryption (client_encryption &&other) noexcept
	Move constructor.
	client_encryption (client_encryption const &other)=delete
	This class is not copyable.
	client_encryption (options const &opts)
	Initialize with the given options.
	~client_encryption ()
	Destroy this object.
bsoncxx::v1::document::value	add_key_alt_name (bsoncxx::v1::types::value id, bsoncxx::v1::stdx::string_view key_alt_name)
	Add a new keyAltName to the specified data key.
v1::collection	create_encrypted_collection (v1::database &db, bsoncxx::v1::stdx::string_view name, bsoncxx::v1::document::view opts, bsoncxx::v1::document::value &coll_opts, bsoncxx::v1::stdx::string_view kms_provider)
	Create a collection with encrypted fields.
v1::collection	create_encrypted_collection (v1::database &db, bsoncxx::v1::stdx::string_view name, bsoncxx::v1::document::view opts, bsoncxx::v1::document::value &coll_opts, bsoncxx::v1::stdx::string_view kms_provider, bsoncxx::v1::document::view master_key)
	Create a collection with encrypted fields.
bsoncxx::v1::types::value	decrypt (bsoncxx::v1::types::value value)
	Decrypt the given value.
v1::delete_one_result	delete_key (bsoncxx::v1::types::value id)
	Delete the specified data key.
bsoncxx::v1::types::value	encrypt (bsoncxx::v1::types::value value, v1::encrypt_options const &opts)
	Encrypt the given value.
bsoncxx::v1::document::value	encrypt_expression (bsoncxx::v1::document::view expr, v1::encrypt_options const &opts)
	Encrypt the given Match Expression or Aggregate Expression.
bsoncxx::v1::document::value	get_key (bsoncxx::v1::types::value id)
	Return the requested data key.
bsoncxx::v1::document::value	get_key_by_alt_name (bsoncxx::v1::stdx::string_view key_alt_name)
	Return the specified data key.
v1::cursor	get_keys ()
	Return all data keys within the associated key vault collection.
client_encryption &	operator= (client_encryption &&other) noexcept
	Move assignment.
client_encryption &	operator= (client_encryption const &other)=delete
	This class is not copyable.
bsoncxx::v1::document::value	remove_key_alt_name (bsoncxx::v1::types::value id, bsoncxx::v1::stdx::string_view key_alt_name)
	Remove the given keyAltName from the specified data key.
v1::rewrap_many_datakey_result	rewrap_many_datakey (bsoncxx::v1::document::view filter, v1::rewrap_many_datakey_options const &opts)
	Decrypt and (re-)encrypt multiple data keys.
bsoncxx::v1::types::value	create_data_key (bsoncxx::v1::stdx::string_view kms_provider, v1::data_key_options const &opts)
	Create a new data key within the key vault collection.
bsoncxx::v1::types::value	create_data_key (bsoncxx::v1::stdx::string_view kms_provider)
	Create a new data key within the key vault collection.

Constructor & Destructor Documentation

~client_encryption()

mongocxx::v1::client_encryption::~client_encryption

(

)

Destroy this object.

Warning

Invalidates all associated views.

client_encryption() [1/3]

mongocxx::v1::client_encryption::client_encryption ( client_encryption && other )

noexcept

Move constructor.

Postconditions:

• other is in an assign-or-destroy-only state.

client_encryption() [2/3]

mongocxx::v1::client_encryption::client_encryption ( client_encryption const & other )

delete

This class is not copyable.

client_encryption() [3/3]

mongocxx::v1::client_encryption::client_encryption ( options const & opts )

explicit

Initialize with the given options.

Member Function Documentation

add_key_alt_name()

bsoncxx::v1::document::value mongocxx::v1::client_encryption::add_key_alt_name	(	bsoncxx::v1::types::value	id,
		bsoncxx::v1::stdx::string_view	key_alt_name )

Add a new keyAltName to the specified data key.

Returns

The data key before the addition of the new keyAltName.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

create_data_key() [1/2]

bsoncxx::v1::types::value mongocxx::v1::client_encryption::create_data_key

(

bsoncxx::v1::stdx::string_view

kms_provider

)

Create a new data key within the key vault collection.

Returns

The new key document ID as a bsoncxx::v1::types::binary_subtype::k_uuid.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

create_data_key() [2/2]

bsoncxx::v1::types::value mongocxx::v1::client_encryption::create_data_key	(	bsoncxx::v1::stdx::string_view	kms_provider,
		v1::data_key_options const &	opts )

Create a new data key within the key vault collection.

Returns

The new key document ID as a bsoncxx::v1::types::binary_subtype::k_uuid.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

create_encrypted_collection() [1/2]

v1::collection mongocxx::v1::client_encryption::create_encrypted_collection	(	v1::database &	db,
		bsoncxx::v1::stdx::string_view	name,
		bsoncxx::v1::document::view	opts,
		bsoncxx::v1::document::value &	coll_opts,
		bsoncxx::v1::stdx::string_view	kms_provider )

Create a collection with encrypted fields.

Parameters

db	The database within which to create the encrypted collection.
name	The name of the new encrypted collection.
opts	"create" options.
coll_opts	Set to the options used to create the encrypted collection, including the "encryptedFields" field.
kms_provider	The KMS provider to use for this operation.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

create_encrypted_collection() [2/2]

v1::collection mongocxx::v1::client_encryption::create_encrypted_collection	(	v1::database &	db,
		bsoncxx::v1::stdx::string_view	name,
		bsoncxx::v1::document::view	opts,
		bsoncxx::v1::document::value &	coll_opts,
		bsoncxx::v1::stdx::string_view	kms_provider,
		bsoncxx::v1::document::view	master_key )

Create a collection with encrypted fields.

Parameters

db	The database within which to create the encrypted collection.
name	The name of the new encrypted collection.
opts	"create" options.
coll_opts	Set to the options used to create the encrypted collection, including the "encryptedFields" field.
kms_provider	The KMS provider to use for this operation.
master_key	The master key to use when creating a new data key.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

decrypt()

bsoncxx::v1::types::value mongocxx::v1::client_encryption::decrypt

(

bsoncxx::v1::types::value

value

)

Decrypt the given value.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

delete_key()

v1::delete_one_result mongocxx::v1::client_encryption::delete_key

(

bsoncxx::v1::types::value

id

)

Delete the specified data key.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

encrypt()

bsoncxx::v1::types::value mongocxx::v1::client_encryption::encrypt	(	bsoncxx::v1::types::value	value,
		v1::encrypt_options const &	opts )

Encrypt the given value.

Returns

The encrypted value as a bsoncxx::v1::types::binary_subtype::k_encrypted.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

encrypt_expression()

bsoncxx::v1::document::value mongocxx::v1::client_encryption::encrypt_expression	(	bsoncxx::v1::document::view	expr,
		v1::encrypt_options const &	opts )

Encrypt the given Match Expression or Aggregate Expression.

Note

This operation is only supported when the "queryType" field is "range" and the "algorithm" field is "Range".

Returns

The encrypted expression.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

get_key()

bsoncxx::v1::document::value mongocxx::v1::client_encryption::get_key

(

bsoncxx::v1::types::value

id

)

Return the requested data key.

Returns

The raw server response.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

get_key_by_alt_name()

bsoncxx::v1::document::value mongocxx::v1::client_encryption::get_key_by_alt_name

(

bsoncxx::v1::stdx::string_view

key_alt_name

)

Return the specified data key.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

get_keys()

v1::cursor mongocxx::v1::client_encryption::get_keys

(

)

Return all data keys within the associated key vault collection.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

operator=() [1/2]

client_encryption & mongocxx::v1::client_encryption::operator= ( client_encryption && other )

noexcept

Move assignment.

Postconditions:

• other is in an assign-or-destroy-only state.

operator=() [2/2]

client_encryption & mongocxx::v1::client_encryption::operator= ( client_encryption const & other )

delete

This class is not copyable.

remove_key_alt_name()

bsoncxx::v1::document::value mongocxx::v1::client_encryption::remove_key_alt_name	(	bsoncxx::v1::types::value	id,
		bsoncxx::v1::stdx::string_view	key_alt_name )

Remove the given keyAltName from the specified data key.

Returns

The data key before the removal of the given keyAltName.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

rewrap_many_datakey()

v1::rewrap_many_datakey_result mongocxx::v1::client_encryption::rewrap_many_datakey	(	bsoncxx::v1::document::view	filter,
		v1::rewrap_many_datakey_options const &	opts )

Decrypt and (re-)encrypt multiple data keys.

When the "masterKey" field is set, the data keys are are (re-)encrypted using the new "masterKey". Otherwise, each data key is (re-)encrypted using their current "masterKey".

All rewrapped data keys are updated in the key vault collection using a single bulk write operation. No bulk write operation is executed when no data keys are found that match the given filter.

Exceptions

mongocxx::v1::server_error	when a server-side error is encountered and a raw server error is available.
mongocxx::v1::exception	for all other runtime errors.

---

The documentation for this class was generated from the following file:

• mongocxx/v1/client_encryption.hpp