Create a new encryption instance
// Local KMS provider
new ClientEncryption(mongoClient, {
  keyVaultNamespace: 'client.encryption',
  kmsProviders: {
    local: {
      key: masterKey // The master key used for encryption/decryption. A 96-byte long Buffer
    }
  }
});

// AWS KMS provider
new ClientEncryption(mongoClient, {
  keyVaultNamespace: 'client.encryption',
  kmsProviders: {
    aws: {
      accessKeyId: AWS_ACCESS_KEY,
      secretAccessKey: AWS_SECRET_KEY
    }
  }
});
Static libmongocrypt
Adds a keyAltName to a key identified by the provided _id.
This method resolves to/returns the old key value (prior to adding the new altKeyName).
The id of the document to update.
a keyAltName to search for a key
Returns a promise that either resolves to a DataKey if a document matches the key or null if no documents match the id. The promise rejects with an error if an error is thrown.
// adding a keyAltName to a data key
const id = new Binary(); // id is a bson binary subtype 4 object
const keyAltName = 'keyAltName';
const oldKey = await clientEncryption.addKeyAltName(id, keyAltName);
if (!oldKey) {
  // null is returned if there is no matching document with an id matching the supplied id
}
Creates a data key used for explicit encryption and inserts it into the key vault namespace
// Using async/await to create a local key
const dataKeyId = await clientEncryption.createDataKey('local');

// Using async/await to create an aws key
const dataKeyId = await clientEncryption.createDataKey('aws', {
  masterKey: {
    region: 'us-east-1',
    key: 'xxxxxxxxxxxxxx' // CMK ARN here
  }
});

// Using async/await to create an aws key with a keyAltName
const dataKeyId = await clientEncryption.createDataKey('aws', {
  masterKey: {
    region: 'us-east-1',
    key: 'xxxxxxxxxxxxxx' // CMK ARN here
  },
  keyAltNames: [ 'mySpecialKey' ]
});
A convenience method for creating an encrypted collection. This method will create data keys for any encryptedFields that do not have a keyId defined and then create a new collection with the full set of encryptedFields.
A Node.js driver Db object with which to create the collection
The name of the collection to be created
Options for createDataKey and for createCollection
Optional mastercreated collection and generated encryptedFields
MongoCryptCreateDataKeyError - If part way through the process a createDataKey invocation fails, an error will be rejected that has the partial encryptedFields that were created.
MongoCryptCreateEncryptedCollectionError - If creating the collection fails, an error will be rejected that has the entire encryptedFields that were created.
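How a caller can recover from the two errors above without leaving orphaned data keys in the key vault, as an added example that is not part of the original documentation: the retry passes the encryptedFields carried by the error back in, so fields that already have a keyId are not given a second key. The helper name, `maxAttempts`, and matching on the error's `name` property are assumptions of this example.

```javascript
// Added example. createEncryptedCollectionWithRetry and maxAttempts are
// hypothetical names; clientEncryption is a ClientEncryption instance and
// db is a Node.js driver Db object.
const RETRYABLE = [
  'MongoCryptCreateDataKeyError',            // some data keys were created
  'MongoCryptCreateEncryptedCollectionError' // all keys created, collection was not
];

async function createEncryptedCollectionWithRetry(
  clientEncryption, db, name, options, maxAttempts = 3
) {
  // Start from the caller's encryptedFields; fields without a keyId get one.
  let encryptedFields = options.createCollectionOptions.encryptedFields;

  for (let attempt = 1; ; attempt++) {
    try {
      // Resolves with the created collection and the generated encryptedFields.
      return await clientEncryption.createEncryptedCollection(db, name, {
        ...options,
        createCollectionOptions: {
          ...options.createCollectionOptions,
          encryptedFields
        }
      });
    } catch (err) {
      // Assumption: err.name equals the error class name documented above.
      const partial = err ? err.encryptedFields : undefined;
      const retryable = partial != null && RETRYABLE.includes(err.name);
      if (!retryable || attempt >= maxAttempts) throw err;

      // Reuse the keyIds that already exist in the key vault instead of
      // creating a second data key for the same field on the next attempt.
      encryptedFields = partial;
    }
  }
}
```

If the last attempt still fails, the error is rethrown with its encryptedFields intact, so the caller can log which data keys exist and clean them up or reuse them later.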
Explicitly decrypt a provided encrypted value
An encrypted value
a Promise that either resolves with the decrypted value, or rejects with an error
// Decrypting value with async/await API
async function decryptMyValue(value) {
  return clientEncryption.decrypt(value);
}
Deletes the key with the provided id from the keyvault, if it exists.
// delete a key by _id
const id = new Binary(); // id is a bson binary subtype 4 object
const { deletedCount } = await clientEncryption.deleteKey(id);
if (deletedCount != null && deletedCount > 0) {
  // successful deletion
}
Explicitly encrypt a provided value. Note that either options.keyId or options.keyAltName must be specified. Specifying both options.keyId and options.keyAltName is considered an error.
The value that you wish to serialize. Must be of a type that can be serialized into BSON
a Promise that either resolves with the encrypted value, or rejects with an error.
// Encryption with async/await api
async function encryptMyData(value) {
  const keyId = await clientEncryption.createDataKey('local');
  return clientEncryption.encrypt(value, {
    keyId,
    algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
  });
}

// Encryption using a keyAltName
async function encryptMyData(value) {
  // keyAltNames takes an array of names
  await clientEncryption.createDataKey('local', { keyAltNames: ['mySpecialKey'] });
  return clientEncryption.encrypt(value, {
    keyAltName: 'mySpecialKey',
    algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic'
  });
}
Experimental
Encrypts a Match Expression or Aggregate Expression to query a range index.
Only supported when queryType is "rangePreview" and algorithm is "RangePreview".
The Range algorithm is experimental only. It is not intended for production use. It is subject to breaking changes.
a BSON document of one of the following forms:
{$and: [{<field>: {$gt: <value1>}}, {<field>: {$lt: <value2> }}]}
{$and: [{$gt: [<fieldpath>, <value1>]}, {$lt: [<fieldpath>, <value2>]}]}
$gt may also be $gte. $lt may also be $lte.
Returns a Promise that either resolves with the encrypted value or rejects with an error.
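A pre-flight check for the two expression forms listed above, as an added example that is not part of the original documentation: it rejects any other shape before the value reaches encryptExpression. `isRangeExpression`, `encryptRangeQuery` and the requirement that both bounds name the same field are assumptions of this example.

```javascript
// Added example. isRangeExpression and encryptRangeQuery are hypothetical helpers.
const LOWER = ['$gt', '$gte'];
const UPPER = ['$lt', '$lte'];

// Returns the only key of a plain object, or undefined for anything else.
function soleKey(obj) {
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) return undefined;
  const keys = Object.keys(obj);
  return keys.length === 1 ? keys[0] : undefined;
}

// Match form: { <field>: { $gt: <value> } }
function matchBound(clause) {
  const field = soleKey(clause);
  if (field === undefined || field.startsWith('$')) return null;
  const op = soleKey(clause[field]);
  return op === undefined ? null : { field, op };
}

// Aggregate form: { $gt: [ <fieldpath>, <value> ] }
function aggregateBound(clause) {
  const op = soleKey(clause);
  const args = op === undefined ? undefined : clause[op];
  if (!Array.isArray(args) || args.length !== 2 || typeof args[0] !== 'string') return null;
  return { field: args[0], op };
}

// True only for {$and: [lower, upper]} where both clauses use the same form
// and the same field, lower is $gt/$gte and upper is $lt/$lte.
function isRangeExpression(expr) {
  if (soleKey(expr) !== '$and' || !Array.isArray(expr.$and) || expr.$and.length !== 2) return false;
  return [matchBound, aggregateBound].some((parse) => {
    const lo = parse(expr.$and[0]);
    const hi = parse(expr.$and[1]);
    return Boolean(lo && hi && lo.field === hi.field &&
      LOWER.includes(lo.op) && UPPER.includes(hi.op));
  });
}

// options carries keyId or keyAltName plus whatever else the caller needs;
// algorithm and queryType are pinned to the only supported pair.
async function encryptRangeQuery(clientEncryption, expr, options) {
  if (!isRangeExpression(expr)) throw new TypeError('not a supported range expression');
  return clientEncryption.encryptExpression(expr, {
    ...options, algorithm: 'RangePreview', queryType: 'rangePreview'
  });
}
```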
Finds a key in the keyvault with the specified _id.
Returns a promise that either resolves to a DataKey if a document matches the key or null if no documents match the id. The promise rejects with an error if an error is thrown.
// getting a key by id
const id = new Binary(); // id is a bson binary subtype 4 object
const key = await clientEncryption.getKey(id);
if (!key) {
  // key is null if there was no matching key
}
Finds a key in the keyvault which has the specified keyAltName.
a keyAltName to search for a key
Returns a promise that either resolves to a DataKey if a document matches the key or null if no documents match the keyAltName. The promise rejects with an error if an error is thrown.
// get a key by alt name
const keyAltName = 'keyAltName';
const key = await clientEncryption.getKeyByAltName(keyAltName);
if (!key) {
  // key is null if there is no matching key
}
Finds all the keys currently stored in the keyvault.
This method will not throw.
a FindCursor over all keys in the keyvault.
// fetching all keys
const keys = await clientEncryption.getKeys().toArray();
Removes a keyAltName from a key identified by the provided _id.
This method resolves to/returns the old key value (prior to removing the new altKeyName).
If the removed keyAltName is the last keyAltName for that key, the altKeyNames property is unset from the document.
The id of the document to update.
a keyAltName to search for a key
Returns a promise that either resolves to a DataKey if a document matches the key or null if no documents match the id. The promise rejects with an error if an error is thrown.
// removing a key alt name from a data key
const id = new Binary(); // id is a bson binary subtype 4 object
const keyAltName = 'keyAltName';
const oldKey = await clientEncryption.removeKeyAltName(id, keyAltName);
if (!oldKey) {
  // null is returned if there is no matching document with an id matching the supplied id
}
Searches the keyvault for any data keys matching the provided filter. If there are matches, rewrapManyDataKey then attempts to re-wrap the data keys using the provided options.
If no matches are found, then no bulk write is performed.
// rewrapping all data keys (using a filter that matches all documents)
const filter = {};
const result = await clientEncryption.rewrapManyDataKey(filter);
if (result.bulkWriteResult != null) {
  // keys were re-wrapped, results will be available in the bulkWrite object.
}

// attempting to rewrap all data keys with no matches
const filter = { _id: new Binary() }; // assume _id matches no documents in the database
const result = await clientEncryption.rewrapManyDataKey(filter);
if (result.bulkWriteResult == null) {
  // no keys matched, `bulkWriteResult` does not exist on the result object
}
The public interface for explicit in-use encryption