CSFLE-Specific MongoClient Options

~~On this page~~本页内容

~~Overview~~概述
AutoEncryptionOpts
~~Example~~实例

MongoDB's Queryable Encryption feature is available (GA) in MongoDB 7.0 and later. To learn more about Queryable Encryption and compare its benefits with Client-Side Field Level Encryption, see Queryable Encryption.

Overview概述

View information about the Client-Side Field Level Encryption (CSFLE)-specific configuration options for MongoClient instances.

AutoEncryptionOpts

Pass an autoEncryptionOpts object to your MongoClient instance to specify CSFLE-specific options.

The following table describes the structure of an autoEncryptionOpts object:

~~Parameter~~参数	~~Type~~类型	Required	~~Description~~描述
`keyVaultClient`	`MongoClient`	No	A `MongoClient` instance configured to connect to the MongoDB instance hosting your Key Vault collection. If you omit the `keyVaultClient` option, the MongoDB instance specified to your `MongoClient` instance containing the `autoEncryptionOpts` configuration is used as the host of your Key Vault collection. To learn more about Key Vault collections, see Key Vault Collections.
`keyVaultNamespace`	String	Yes	The full namespace of the Key Vault collection.
`kmsProviders`	Object	Yes	The Key Management System (KMS) used by Client-Side Field Level Encryption for managing your Customer Master Keys (CMKs). To learn more about `kmsProviders` objects, see CSFLE KMS Providers. To learn more about Customer Master Keys, see Keys and Key Vaults.
`tlsOptions`	Object	No	An object that maps Key Management System provider names to TLS configuration options. To learn more about TLS options see: TLS Options. To learn more about TLS see: TLS/SSL (Transport Encryption).
`schemaMap`	Object	No	An encryption schema. To learn how to construct an encryption schema, see Encryption Schemas. For complete documentation of encryption schemas, see CSFLE Encryption Schemas.
`bypassAutoEncryption`	Boolean	No	Specify `true` to bypass automatic Client-Side Field Level Encryption rules and perform explicit encryption. `bypassAutoEncryption` does not disable automatic decryption. To learn more about this option, see Automatic Decryption.

Example实例

To view a code-snippet demonstrating how to use autoEncryptionOpts to configure your MongoClient instance, select the tab corresponding to your driver:

MongoDB Shell C#Go Java (Sync)Node.js Python

const secureClient = new MongoClient(connectionString, {
  useNewUrlParser: true,
  useUnifiedTopology: true,
  monitorCommands: true,
  autoEncryption: {
    keyVaultNamespace,
    kmsProviders,
    schemaMap: patientSchema,
    extraOptions: extraOptions,
  },
});

← Supported Operations for Automatic Encryption CSFLE KMS Providers →