Full path to a MongoDB Crypt shared library to be used (instead of mongocryptd).
This needs to be the path to the file itself, not a directory. It can be an absolute or relative path. If the path is relative and its first component is $ORIGIN, it will be replaced by the directory containing the mongodb-client-encryption native addon file. Otherwise, the path will be interpreted relative to the current working directory.
Currently, loading different MongoDB Crypt shared library files from different MongoClients in the same process is not supported.
If this option is provided and no MongoDB Crypt shared library could be loaded from the specified location, creating the MongoClient will fail.
If this option is not provided and cryptSharedLibRequired is not specified, the AutoEncrypter will attempt to spawn and/or use mongocryptd according to the mongocryptd-specific extraOptions options.
Specifying a path prevents mongocryptd from being used as a fallback.
Requires the MongoDB Crypt shared library, available in MongoDB 6.0 or higher.
If specified, never use mongocryptd and instead fail when the MongoDB Crypt shared library could not be loaded.
This is always true when cryptSharedLibPath is specified.
Requires the MongoDB Crypt shared library, available in MongoDB 6.0 or higher.
If true, autoEncryption will not attempt to spawn a mongocryptd before connecting
Command line arguments to use when auto-spawning a mongocryptd
The path to the mongocryptd executable on the system
A local process the driver communicates with to determine how to encrypt values in a command. Defaults to "mongodb://%2Fvar%2Fmongocryptd.sock" if domain sockets are available or "mongodb://localhost:27020" otherwise
A MongoClient used to fetch keys from a key vault
The namespace where keys are stored in the key vault
Configuration options that are used by specific KMS providers during key generation, encryption, and decryption.
Configuration options for using 'aws' as your KMS provider
The access key used for the AWS KMS provider
The secret access key used for the AWS KMS provider
An optional AWS session token that will be used as the X-Amz-Security-Token header for AWS requests.
Configuration options for using 'azure' as your KMS provider
The client ID to authenticate a registered application
The client secret to authenticate a registered application
If present, a host with optional port. E.g. "example.com" or "example.com:443". This is optional, and only needed if the customer is using a non-commercial Azure instance (e.g. a government or China account, which use different URLs). Defaults to "login.microsoftonline.com"
The tenant ID identifies the organization for the account
Configuration options for using 'gcp' as your KMS provider
The service account email to authenticate
If present, a host with optional port. E.g. "example.com" or "example.com:443". Defaults to "oauth2.googleapis.com"
A PKCS#8 encrypted key. This can either be a base64 string or a binary representation
Configuration options for using 'kmip' as your KMS provider
The output endpoint string. The endpoint consists of a hostname and port separated by a colon. E.g. "example.com:123". A port is always present.
Configuration options for using 'local' as your KMS provider
The master key used to encrypt/decrypt data keys. A 96-byte long Buffer or base64 encoded string.
An optional hook to catch logging messages from the underlying encryption engine
A map of namespaces to a local JSON schema for encryption
NOTE: Supplying options.schemaMap provides more security than relying on JSON Schemas obtained from the server. It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending decrypted data that should be encrypted. Schemas supplied in the schemaMap only apply to configuring automatic encryption for Client-Side Field Level Encryption. Other validation rules in the JSON schema will not be enforced by the driver and will result in an error.
The TLS options to use connecting to the KMS provider
Allows the user to bypass auto encryption, maintaining implicit decryption
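An added example, not part of the driver's documentation or code: a preflight audit of an autoEncryption options object that applies the rules stated in the descriptions above (96-byte 'local' master key, local schemaMap coverage, the base directory of cryptSharedLibPath, and whether mongocryptd can still be used as a fallback). The function names and the sensitiveNamespaces list are hypothetical, and the sample values are constructed.

```javascript
// Added example: preflight audit of an autoEncryption options object.
// Applies only the rules stated in the option descriptions above.

// Base that a cryptSharedLibPath value is resolved against (string check only).
function sharedLibBase(p) {
  if (p.startsWith('/') || /^[A-Za-z]:[\\/]/.test(p)) return 'absolute';
  return p.split(/[\\/]/)[0] === '$ORIGIN' ? 'addon-dir' : 'cwd';
}

// Byte length of a 'local' master key given as a Buffer or base64 string.
function localKeyBytes(key) {
  return Buffer.isBuffer(key) ? key.length : Buffer.from(String(key), 'base64').length;
}

// sensitiveNamespaces: hypothetical list of "db.collection" names that the
// application expects to be automatically encrypted.
function auditAutoEncryption(opts, sensitiveNamespaces) {
  const findings = [];
  const extra = opts.extraOptions || {};
  const local = (opts.kmsProviders || {}).local;

  if (local && localKeyBytes(local.key) !== 96)
    findings.push('kmsProviders.local.key must be exactly 96 bytes');

  // Without a local entry, the schema is obtained from the server.
  for (const ns of sensitiveNamespaces)
    if (!(opts.schemaMap && opts.schemaMap[ns]))
      findings.push(`no schemaMap entry for ${ns}: schema would come from the server`);

  // A plain relative path depends on where the process was started.
  if (extra.cryptSharedLibPath && sharedLibBase(extra.cryptSharedLibPath) === 'cwd')
    findings.push('cryptSharedLibPath is resolved against the current working directory');

  // mongocryptd is only attempted when neither shared-library option is set.
  const mongocryptdFallback = !extra.cryptSharedLibPath && !extra.cryptSharedLibRequired;
  return { findings, mongocryptdFallback };
}

// Constructed sample: short key, no schemaMap, no shared library path.
const weak = { kmsProviders: { local: { key: Buffer.alloc(32).toString('base64') } } };
console.log(auditAutoEncryption(weak, ['hr.employees']));
```

The audit inspects the options object only; it does not load the shared library or contact a KMS provider.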