MongoDB\Driver\Manager::createClientEncryption
(mongodb >=1.7.0)
MongoDB\Driver\Manager::createClientEncryption — Create a new ClientEncryption object
说明
$options): MongoDB\Driver\ClientEncryptionConstructs a new MongoDB\Driver\ClientEncryption object with the specified options.
参数
options-
options Option Type Description keyVaultClient MongoDB\Driver\Manager The Manager used to route data key queries to a separate MongoDB cluster. By default, the current Manager and cluster is used. keyVaultNamespace string A fully qualified namespace (e.g. "databaseName.collectionName") denoting the collection that contains all data keys used for encryption and decryption. This option is required.kmsProviders array A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Supported providers include
"aws","azure","gcp","kmip", and"local"and at least one must be specified.If an empty document is specified for
"aws","azure", or"gcp", the driver will attempt to configure the provider using » Automatic Credentials.The format for
"aws"is as follows:aws: { accessKeyId: <string>, secretAccessKey: <string>, sessionToken: <optional string> }The format for
"azure"is as follows:azure: { tenantId: <string>, clientId: <string>, clientSecret: <string>, identityPlatformEndpoint: <optional string> // Defaults to "login.microsoftonline.com" }The format for
"gcp"is as follows:gcp: { email: <string>, privateKey: <base64 string>|<MongoDB\BSON\Binary>, endpoint: <optional string> // Defaults to "oauth2.googleapis.com" }The format for
"kmip"is as follows:kmip: { endpoint: <string> }The format for
"local"is as follows:local: { // 96-byte master key used to encrypt/decrypt data keys key: <base64 string>|<MongoDB\BSON\Binary> }tlsOptions array A document containing the TLS configuration for one or more KMS providers. Supported providers include
"aws","azure","gcp", and"kmip". All providers support the following options:<provider>: { tlsCaFile: <optional string>, tlsCertificateKeyFile: <optional string>, tlsCertificateKeyFilePassword: <optional string>, tlsDisableOCSPEndpointCheck: <optional bool> }
返回值
Returns a new MongoDB\Driver\ClientEncryption instance.
错误/异常
- Throws MongoDB\Driver\Exception\InvalidArgumentException on argument parsing errors.
- Throws MongoDB\Driver\Exception\RuntimeException if the extension was compiled without libmongocrypt support
更新日志
| 版本 | 说明 |
|---|---|
| PECL mongodb 1.16.0 |
The AWS KMS provider for client-side encryption now accepts a
Added
If an empty document is specified for the |
| PECL mongodb 1.15.0 |
If an empty document is specified for the |
| PECL mongodb 1.12.0 |
KMIP is now supported as a KMS provider for client-side encryption and
may be configured in the
Added the |
| PECL mongodb 1.10.0 |
Azure and GCP are now supported as KMS providers for client-side
encryption and may be configured in the
"kmsProviders" option. Base64-encoded strings are now
accepted as an alternative to MongoDB\BSON\Binary
for options within "kmsProviders".
|
参见
- MongoDB\Driver\ClientEncryption::__construct() - Create a new ClientEncryption object
- » Explicit (Manual) Client-Side Field Level Encryption in the MongoDB manual
用户贡献的备注
备份地址:http://www.lvesu.com/blog/php/mongodb-driver-manager.createclientencryption.php