Skip to content

Commit a03eff2

Browse files
jmd-mongojmd-mongo
authored
backports updated include to v6.0 branch (#2514)
1 parent c70a2e6 commit a03eff2

15 files changed

+60
-65
lines changed

source/includes/csfle-connection-boilerplate-example.rst

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
To configure client-side field level encryption for a locally managed
2+
key:
3+
4+
- generate a base64-encoded 96-byte string with no line breaks
5+
- use :binary:`mongosh` to load the key
6+
7+
.. code-block:: bash
8+
:emphasize-lines: 1
9+
10+
export TEST_LOCAL_KEY=$(echo "$(head -c 96 /dev/urandom | base64 | tr -d '\n')")
11+
12+
mongosh --nodb
13+
14+
Create the client-side field level encryption object using the
15+
generated local key string:
16+
17+
.. code-block:: javascript
18+
:emphasize-lines: 5
19+
20+
var autoEncryptionOpts = {
21+
"keyVaultNamespace" : "encryption.__dataKeys",
22+
"kmsProviders" : {
23+
"local" : {
24+
"key" : BinData(0, process.env["TEST_LOCAL_KEY"])
25+
}
26+
}
27+
}
28+
29+
Use the :method:`Mongo()` constructor with the client-side field level
30+
encryption options configured to create a database connection. Replace
31+
the ``mongodb://myMongo.example.net`` URI with the :ref:`connection
32+
string URI <mongodb-uri>` of the target cluster.
33+
34+
.. code-block:: javascript
35+
:emphasize-lines: 2
36+
37+
encryptedClient = Mongo(
38+
"mongodb://myMongo.example.net:27017/?replSetName=myMongo",
39+
autoEncryptionOpts
40+
)

source/includes/extracts-client-side-field-level-encryption.yaml

Lines changed: 0 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -68,50 +68,6 @@ content: |
6868
variables in the shell to reference the AWS credentials.
6969
7070
---
71-
ref: csfle-connection-boilerplate
72-
content: |
73-
74-
Configuring client-side field level encryption for a locally
75-
managed key requires specifying a base64-encoded 96-byte
76-
string with no line breaks. The following operation generates
77-
a key that meets the stated requirements and loads it into
78-
:binary:`~bin.mongosh`:
79-
80-
.. code-block:: bash
81-
:emphasize-lines: 1
82-
83-
TEST_LOCAL_KEY=$(echo "$(head -c 96 /dev/urandom | base64 | tr -d '\n')")
84-
85-
mongosh --nodb --shell --eval "var TEST_LOCAL_KEY='$TEST_LOCAL_KEY'"
86-
87-
Create the client-side field level encryption object using the
88-
generated local key string:
89-
90-
.. code-block:: javascript
91-
:emphasize-lines: 5
92-
93-
var autoEncryptionOpts = {
94-
"keyVaultNamespace" : "encryption.__dataKeys",
95-
"kmsProviders" : {
96-
"local" : {
97-
"key" : BinData(0, TEST_LOCAL_KEY)
98-
}
99-
}
100-
}
101-
102-
Use the :method:`Mongo()` constructor to create a database connection
103-
with the client-side field level encryption options. Replace the
104-
``mongodb://myMongo.example.net`` URI with the :ref:`connection string
105-
URI <mongodb-uri>` of the target cluster.
106-
107-
.. code-block:: javascript
108-
:emphasize-lines: 2
109-
110-
encryptedClient = Mongo(
111-
"mongodb://myMongo.example.net:27017/?replSetName=myMongo",
112-
autoEncryptionOpts
113-
)
114-
---
11571
ref: csfle-enterprise-atlas-only
11672
content: |
11773

source/reference/method/ClientEncryption.decrypt.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ Example
5454
The following example uses a locally managed KMS for the client-side
5555
field level encryption configuration.
5656

57-
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
57+
.. include:: /includes/csfle-connection-boilerplate-example.rst
5858

5959
Retrieve the :method:`ClientEncryption <getClientEncryption()>` object
6060
and use the :method:`ClientEncryption.decrypt()` method to decrypt

source/reference/method/ClientEncryption.encrypt.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ Client-Side Field Level Encryption
174174
The following example uses a locally managed KMS for the client-side
175175
field level encryption configuration.
176176

177-
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
177+
.. include:: /includes/csfle-connection-boilerplate-example.rst
178178

179179
Retrieve the :method:`ClientEncryption <getClientEncryption()>` object
180180
and use the :method:`ClientEncryption.encrypt()` method to encrypt

source/reference/method/KeyVault.addKeyAlternateName.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ client-side field level encryption. For specific examples of using
6060
:abbr:`KMS (Key Management Service)` provider, see
6161
:ref:`field-level-encryption-data-key-manage`.
6262

63-
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
63+
.. include:: /includes/csfle-connection-boilerplate-example.rst
6464

6565
Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
6666
:method:`KeyVault.addKeyAlternateName()` method to add a new key

source/reference/method/KeyVault.createKey.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -182,7 +182,7 @@ client-side field level encryption. For specific examples of using
182182
:abbr:`KMS (Key Management Service)` provider, see
183183
:ref:`qe-field-level-encryption-data-key-create`.
184184

185-
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
185+
.. include:: /includes/csfle-connection-boilerplate-example.rst
186186

187187
Retrieve the :method:`keyVault <getKeyVault()>` object and
188188
use the :method:`KeyVault.createKey()` method to

source/reference/method/KeyVault.deleteKey.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ client-side field level encryption. For specific examples of using
4949
:abbr:`KMS (Key Management Service)` provider, see
5050
:ref:`field-level-encryption-data-key-delete`.
5151

52-
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
52+
.. include:: /includes/csfle-connection-boilerplate-example.rst
5353

5454
Retrieve the :method:`KeyVault <getKeyVault()>` object and
5555
use the :method:`KeyVault.deleteKey()` method to

source/reference/method/KeyVault.getKey.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ The following example uses a :ref:`locally managed KMS
5454
<field-level-encryption-local-kms>` for the client-side field level
5555
encryption configuration.
5656

57-
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
57+
.. include:: /includes/csfle-connection-boilerplate-example.rst
5858

5959
Retrieve the :method:`keyVault <getKeyVault()>` object and
6060
use the :method:`KeyVault.getKey()` to retrieve

source/reference/method/KeyVault.getKeyByAltName.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ Example
4848
The following example uses a locally managed KMS for the client-side
4949
field level encryption configuration.
5050

51-
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
51+
.. include:: /includes/csfle-connection-boilerplate-example.rst
5252

5353
Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
5454
:method:`KeyVault.getKeyByAltName()` method to retrieve the data

source/reference/method/KeyVault.getKeys.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ The following example uses a :ref:`locally managed KMS
4848
<field-level-encryption-local-kms>` for the client-side field level
4949
encryption configuration.
5050

51-
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
51+
.. include:: /includes/csfle-connection-boilerplate-example.rst
5252

5353
Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
5454
:method:`KeyVault.getKeys()` method to retrieve all data encryption keys

0 commit comments

Comments
 (0)