Options
All
  • Public
  • Public/Protected
  • All
Menu

Interface AutoEncryptionOptions

Hierarchy

  • AutoEncryptionOptions

Index

Properties

Optional bson

bson?: { deserialize: (buffer: Buffer | ArrayBufferView | ArrayBuffer, options?: DeserializeOptions) => Document; serialize: (object: Document, options?: SerializeOptions) => Buffer }

Type declaration

  • deserialize: (buffer: Buffer | ArrayBufferView | ArrayBuffer, options?: DeserializeOptions) => Document
      • (buffer: Buffer | ArrayBufferView | ArrayBuffer, options?: DeserializeOptions): Document
      • Deserialize data as BSON.

        Parameters

        • buffer: Buffer | ArrayBufferView | ArrayBuffer

          the buffer containing the serialized set of BSON documents.

        • Optional options: DeserializeOptions

        Returns Document

        returns the deserialized Javascript Object.

  • serialize: (object: Document, options?: SerializeOptions) => Buffer
      • (object: Document, options?: SerializeOptions): Buffer
      • Serialize a Javascript object.

        Parameters

        • object: Document

          the Javascript object to serialize.

        • Optional options: SerializeOptions

        Returns Buffer

        Buffer object containing the serialized object.

Optional bypassAutoEncryption

bypassAutoEncryption?: boolean

Allows the user to bypass auto encryption, maintaining implicit decryption

Optional extraOptions

extraOptions?: { mongocryptdBypassSpawn?: boolean; mongocryptdSpawnArgs?: string[]; mongocryptdSpawnPath?: string; mongocryptdURI?: string }

Type declaration

  • Optional mongocryptdBypassSpawn?: boolean

    If true, autoEncryption will not attempt to spawn a mongocryptd before connecting

  • Optional mongocryptdSpawnArgs?: string[]

    Command line arguments to use when auto-spawning a mongocryptd

  • Optional mongocryptdSpawnPath?: string

    The path to the mongocryptd executable on the system

  • Optional mongocryptdURI?: string

    A local process the driver communicates with to determine how to encrypt values in a command. Defaults to "mongodb://%2Fvar%2Fmongocryptd.sock" if domain sockets are available or "mongodb://localhost:27020" otherwise

Optional keyVaultClient

keyVaultClient?: MongoClient

A MongoClient used to fetch keys from a key vault

Optional keyVaultNamespace

keyVaultNamespace?: string

The namespace where keys are stored in the key vault

Optional kmsProviders

kmsProviders?: { aws?: { accessKeyId: string; secretAccessKey: string; sessionToken?: string }; azure?: { clientId: string; clientSecret: string; identityPlatformEndpoint?: string; tenantId: string }; gcp?: { email: string; endpoint?: string; privateKey: string | Buffer }; local?: { key: string | Buffer } }

Configuration options that are used by specific KMS providers during key generation, encryption, and decryption.

Type declaration

  • Optional aws?: { accessKeyId: string; secretAccessKey: string; sessionToken?: string }

    Configuration options for using 'aws' as your KMS provider

    • accessKeyId: string

      The access key used for the AWS KMS provider

    • secretAccessKey: string

      The secret access key used for the AWS KMS provider

    • Optional sessionToken?: string

      An optional AWS session token that will be used as the X-Amz-Security-Token header for AWS requests.

  • Optional azure?: { clientId: string; clientSecret: string; identityPlatformEndpoint?: string; tenantId: string }

    Configuration options for using 'azure' as your KMS provider

    • clientId: string

      The client ID to authenticate a registered application

    • clientSecret: string

      The client secret to authenticate a registered application

    • Optional identityPlatformEndpoint?: string

      If present, a host with optional port. E.g. "example.com" or "example.com:443". This is optional, and only needed if customer is using a non-commercial Azure instance (e.g. a government or China account, which use different URLs). Defaults to "login.microsoftonline.com"

    • tenantId: string

      The tenant ID identifies the organization for the account

  • Optional gcp?: { email: string; endpoint?: string; privateKey: string | Buffer }

    Configuration options for using 'gcp' as your KMS provider

    • email: string

      The service account email to authenticate

    • Optional endpoint?: string

      If present, a host with optional port. E.g. "example.com" or "example.com:443". Defaults to "oauth2.googleapis.com"

    • privateKey: string | Buffer

      A PKCS#8 encrypted key. This can either be a base64 string or a binary representation

  • Optional local?: { key: string | Buffer }

    Configuration options for using 'local' as your KMS provider

    • key: string | Buffer

      The master key used to encrypt/decrypt data keys. A 96-byte long Buffer or base64 encoded string.

Optional metadataClient

metadataClient?: MongoClient

Optional options

options?: { logger?: any }

Type declaration

Optional proxyOptions

proxyOptions?: ProxyOptions

Optional schemaMap

schemaMap?: Document

A map of namespaces to a local JSON schema for encryption

NOTE: Supplying options.schemaMap provides more security than relying on JSON Schemas obtained from the server. It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending decrypted data that should be encrypted. Schemas supplied in the schemaMap only apply to configuring automatic encryption for client side encryption. Other validation rules in the JSON schema will not be enforced by the driver and will result in an error.

Generated using TypeDoc