Interface ClientEncryptionOptions

Options for user provided custom credential providers.

A MongoClient used to fetch keys from a key vault. Defaults to client.

The namespace of the key vault, used to store encryption keys

Options for specific KMS providers to use

Options for specifying a Socks5 proxy to use for connecting to the KMS.

The timeout setting to be used for all the operations on ClientEncryption.

When provided, timeoutMS is used as the timeout for each operation executed on the ClientEncryption object. For example:

const clientEncryption = new ClientEncryption(client, {
 timeoutMS: 1_000
 kmsProviders: { local: { key: '<KEY>' } }
});

// `1_000` is used as the timeout for createDataKey call
await clientEncryption.createDataKey('local');
Copy

If timeoutMS is configured on the provided client, the client's timeoutMS value will be used unless timeoutMS is also provided as a client encryption option.

const client = new MongoClient('<uri>', { timeoutMS: 2_000 });

// timeoutMS is set to 1_000 on clientEncryption
const clientEncryption = new ClientEncryption(client, {
 timeoutMS: 1_000
 kmsProviders: { local: { key: '<KEY>' } }
});
Copy

TLS options for kms providers to use.