Navigation

Client-Side Field Level Encryption Methods

Note

For details on specific methods, including syntax and examples, click on the specific method to go to its reference page.

The mongo client-side field level encrytion methods require a database connection with client-side field level encryption enabled. If the current database connection was not initiated with client-side field level encryption enabled, either:

  • Use the Mongo() constructor from the mongo shell to establish a connection with the required client-side field level encryption options. The Mongo() method supports both Amazon Web Services and Local Key Management Service (KMS) providers for Customer Master Key (CMK) management.

    or

  • Use the mongo shell command line options to establish a connection with the required options. The command line options only support the AWS KMS provider for CMK management.

Name Description
getKeyVault() Returns the key vault object for the current MongoDB connection.
KeyVault.createKey() Creates a data key for use with client-side field level encryption.
KeyVault.deleteKey() Deletes the specified data key from the key vault.
KeyVault.getKey() Retreives the specified data key from the key vault.
KeyVault.getKeys() Retrieves all keys in the key vault.
KeyVault.addKeyAlternateName() Associates a key alternative name to the specified data key.
KeyVault.removeKeyAlternateName() Removes a key alternative name from the specified data key.
KeyVault.getKeyByAltName() Retrieves keys with the specified key alternative name.
getClientEncryption() Returns the client encryption object for supporting explicit encryption/decryption of fields.
ClientEncryption.encrypt() Encrypts a field using a specified data key and encryption algorithm.
ClientEncryption.decrypt() Decrypts a field using the associated data key and encryption algorithm.
←   _srand() getKeyVault()  →