MongoClient Options for CSFLE
On this page
Overview
View information about the Client-Side Field Level Encryption (CSFLE)-specific
configuration options for MongoClient
instances.
AutoEncryptionOpts
Pass an autoEncryptionOpts
object to your MongoClient
instance to specify CSFLE-specific options.
The following table describes the structure of an
autoEncryptionOpts
object:
Parameter | Type | Required | Description |
---|---|---|---|
keyVaultClient | MongoClient | No | A If you omit the To learn more about Key Vault collections, see Encryption Keys and Key Vaults. |
keyVaultNamespace | String | Yes | The full namespace of the Key Vault collection. |
kmsProviders | Object | Yes | The Key Management System (KMS) used by Client-Side Field Level Encryption for managing your Customer Master Keys (CMKs). To learn more about To learn more about Customer Master Keys, see Encryption Keys and Key Vaults. |
tlsOptions | Object | No | An object that maps Key Management System provider names to TLS configuration options. To learn more about TLS options see: TLS Options. To learn more about TLS see: TLS/SSL (Transport Encryption). |
schemaMap | Object | No | An encryption schema. To learn how to construct an encryption schema, see Encryption Schemas. For complete documentation of encryption schemas, see CSFLE Encryption Schemas. |
bypassAutoEncryption | Boolean | No | Specify To learn more about this option, see Automatic Decryption. |
Example
To view a code-snippet demonstrating how to use
autoEncryptionOpts
to configure your
MongoClient
instance, select the tab corresponding to your driver:
var autoEncryptionOpts = { "keyVaultNamespace" : "<database>.<collection>", "kmsProviders" : { ... }, "schemaMap" : { ... } } cluster = Mongo( "<Your Connection String>", autoEncryptionOpts );
var clientSettings = MongoClientSettings.FromConnectionString(_connectionString); var autoEncryptionOptions = new AutoEncryptionOptions( keyVaultNamespace: keyVaultNamespace, kmsProviders: kmsProviders, schemaMap: schemaMap, extraOptions: extraOptions); clientSettings.AutoEncryptionOptions = autoEncryptionOptions; var client = new MongoClient(clientSettings);
autoEncryptionOpts := options.AutoEncryption(). SetKmsProviders(provider.Credentials()). SetKeyVaultNamespace(keyVaultNamespace). SetSchemaMap(schemaMap). SetExtraOptions(extraOptions) client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI(uri).SetAutoEncryptionOptions(autoEncryptionOpts))
MongoClientSettings clientSettings = MongoClientSettings.builder() .applyConnectionString(new ConnectionString("mongodb://localhost:27017")) .autoEncryptionSettings(AutoEncryptionSettings.builder() .keyVaultNamespace(keyVaultNamespace) .kmsProviders(kmsProviders) .schemaMap(schemaMap) .extraOptions(extraOptions) .build()) .build(); MongoClient mongoClient = MongoClients.create(clientSettings);
const secureClient = new MongoClient(connectionString, { monitorCommands: true, autoEncryption: { keyVaultNamespace, kmsProviders, schemaMap: patientSchema, extraOptions: extraOptions, }, });
fle_opts = AutoEncryptionOpts( kms_providers, key_vault_namespace, schema_map=patient_schema, **extra_options ) client = MongoClient(connection_string, auto_encryption_opts=fle_opts)