v5.0 change references from mongocryptd to Shared Library (#4906)

* test image change

* change to shared library

* test src constant in svg

* update diagram

* change mongocryptd references to shared library

* typo and TOC

* revert snooty formatting changes

* change specified version to current

* change specified version to current

* revert snooty formatting changes

Author: jordan-smith721

snooty.toml

@@ -223,6 +223,9 @@ pgp-short-fingerprint = "0x4B7C549A058F8B6B"
 windows-sha256 = "C777DF7816BB8C9A760FDEA782113949408B6F39D72BE29A2551FA51E2FE0473"
 source-available = ":github:`source available and free to use <mongodb/mongo>`"
 atlas = "MongoDB Atlas"
+shared-library = "Automatic Encryption Shared Library"
+shared-library-package = "``crypt_shared``"
+
 
 [bundle]
 manpages = "manpages.tar.gz"
@@ -255,4 +258,4 @@ section = 1
 [manpages.mongodb-parameters]
 file = "reference/parameters.txt"
 title = "MongoDB setParameter Options"
-section = 5
+section = 5

source/core/security-automatic-client-side-encryption.txt

@@ -26,7 +26,7 @@ client-side field level encryption, see
 
 Applications must create a database connection object (e.g.
 ``MongoClient``) with the automatic encryption configuration settings.
-The configuration settings must include automatic encryption encryption
+The configuration settings must include automatic encryption
 rules using a strict subset of the `JSON Schema Draft 4 standard syntax
 <https://tools.ietf.org/html/draft-zyp-json-schema-04>`_ and
 encryption-specific schema keywords. Applications do not have to modify
@@ -36,7 +36,7 @@ automatic encryption rules.
 
 The official MongoDB 4.2+ compatible drivers, :binary:`~bin.mongosh`,
 and the MongoDB 4.2 or later legacy :binary:`~bin.mongo` shell use the
-Enterprise-only :ref:`field-level-encryption-mongocryptd` process to
+{+shared-library+} to
 parse the automatic encryption rules and apply the encryption rules when
 reading or writing documents:
 
@@ -52,6 +52,11 @@ reading or writing documents:
   *only if* the driver/shell was configured with access to the keys used
   to protect those values.
 
+The {+shared-library+} is a preferred
+alternative to :ref:`mongocryptd <mongocryptd>` and does not require spawning a new process.
+``mongocryptd`` is still supported. To learn more about the
+{+shared-library+}, see :ref:`csfle-reference-shared-library`.
+
 Enabling Automatic Client-Side Field Level Encryption
 -----------------------------------------------------
 
@@ -68,12 +73,11 @@ For a complete example, see
 :ref:`mongo-connection-automatic-client-side-encryption-enabled`.
 
 Automatic client-side field level encryption requires access to the
-:ref:`mongocryptd` process on the client host machine. See
-:ref:`mongocryptd` for complete documentation on installation. The
+{+shared-library+} on the client host machine. The
 official MongoDB 4.2+ compatible drivers have additional options for
-managing the ``mongocryptd`` process. Generally, the 4.2+ compatible
+managing the {+shared-library+}. Generally, the 4.2+ compatible
 drivers and :binary:`~bin.mongosh` can access the
-``mongocryptd`` process if it is in the system ``PATH``.
+shared library if it is in the system ``PATH``.
 
 Applications must specify the following components when instantiating
 the database connection to enable automatic client-side field level
@@ -138,4 +142,5 @@ encryption enforcement, see
 
    /reference/security-client-side-automatic-json-schema.txt
    /reference/security-client-side-query-aggregation-support.txt
+   /reference/security-client-side-encryption-shared-library.txt
    /reference/security-client-side-encryption-appendix.txt

source/core/security-client-side-encryption.txt

@@ -167,9 +167,11 @@ driver and each encryption component:
   install or link the library. Defer to driver documentation for more
   complete information.
 
-- :ref:`mongocryptd` supports :ref:`field-level-encryption-automatic`
-  and is only available with MongoDB Enterprise. ``mongocryptd`` does
-  not perform cryptographic functions.
+- The {+shared-library+} supports :ref:`field-level-encryption-automatic`
+  and is only available with MongoDB Enterprise. {+shared-library+} does
+  not perform cryptographic functions. The shared library is a preferred
+  alternative to ``mongocryptd`` and does not require spawning a new process.
+  ``mongocryptd`` is still supported.
 
 - The :ref:`Key Vault <field-level-encryption-keyvault>` is a MongoDB
   collection that stores all data encryption keys used to encrypt

source/images/client-side-field-level-encryption-diagram.svg

@@ -148,14 +148,14 @@ or read operations to the ``hr.employees`` collection.
 
    If :autoencryptkeyword:`~encrypt.keyId` or
    :autoencryptkeyword:`~encrypt.algorithm` are omitted, the
-   :ref:`mongocryptd` checks the full tree of parent fields and attempts
+   {+shared-library+} checks the full tree of parent fields and attempts
    to construct those options from the nearest
    :autoencryptkeyword:`encryptMetadata` object that specifies the
    option. :autoencryptkeyword:`~encrypt.bsonType` cannot be inherited
    and *may* be required depending on the value of
    :autoencryptkeyword:`~encrypt.algorithm`.
 
-   If ``mongocryptd`` cannot construct the full ``encrypt`` object using
+   If the {+shared-library+} cannot construct the full ``encrypt`` object using
    the fields specified to the object and any required
    ``encryptMetadata``-inherited keys, automatic encryption fails and
    returns an error.
@@ -174,7 +174,7 @@ or read operations to the ``hr.employees`` collection.
    For complete documentation on the encryption algorithms, see
    :ref:`field-level-encryption-algorithms`.
 
-   If omitted, :ref:`mongocryptd` checks the full tree of parent fields
+   If omitted, the {+shared-library+} checks the full tree of parent fields
    for the nearest :autoencryptkeyword:`encryptMetadata.algorithm` key
    and inherits that value. If no parent
    :autoencryptkeyword:`~encryptMetadata.algorithm` exists, automatic
@@ -237,8 +237,8 @@ or read operations to the ``hr.employees`` collection.
 
   Specify *one* string inside the array.
 
-  If omitted, :ref:`mongocryptd` checks the full tree of parent
-  fields for the nearest 
+  If omitted, the :ref:`{+shared-library+} <csfle-reference-shared-library>`
+  checks the full tree of parent fields for the nearest 
   :autoencryptkeyword:`encryptMetadata.keyId` key and inherits
   that value. If no parent 
   :autoencryptkeyword:`~encryptMetadata.keyId` exists,
@@ -283,7 +283,7 @@ or read operations to the ``hr.employees`` collection.
   Defines encryption options which an :autoencryptkeyword:`encrypt`
   object nested in the sibling ``properties`` may inherit. If an
   :autoencryptkeyword:`encrypt` is missing an option required to support
-  encryption, ``mongocryptd`` searches the entire tree of parent objects
+  encryption, the {+shared-library+} searches the entire tree of parent objects
   to locate an :autoencryptkeyword:`encryptMetadata` object that
   specifies the missing option.
 
@@ -307,7 +307,7 @@ or read operations to the ``hr.employees`` collection.
 
   The encryption algorithm to use to encrypt a given field. If an
   :autoencryptkeyword:`encrypt` object is missing the
-  :autoencryptkeyword:`~encrypt.algorithm` field, ``mongocryptd``
+  :autoencryptkeyword:`~encrypt.algorithm` field, the {+shared-library+}
   searches the entire tree of parent objects to locate an
   :autoencryptkeyword:`encryptMetadata` object that specifies
   :autoencryptkeyword:`encryptMetadata.algorithm`.
@@ -334,7 +334,7 @@ or read operations to the ``hr.employees`` collection.
   Specify *one* string inside the array.
 
   If an :autoencryptkeyword:`encrypt` object is missing the 
-  :autoencryptkeyword:`~encrypt.keyId` field, ``mongocryptd``
+  :autoencryptkeyword:`~encrypt.keyId` field, the {+shared-library+}
   searches the entire tree of parent objects to locate 
   an :autoencryptkeyword:`encryptMetadata` object that
   specifies :autoencryptkeyword:`encryptMetadata.keyId`.

source/reference/security-client-side-automatic-json-schema.txt

@@ -1,19 +1,22 @@
-========
-Appendix
-========
-
-.. default-domain:: mongodb
+===========
+mongocryptd
+===========
 
 .. _field-level-encryption-mongocryptd:
 .. _mongocryptd:
 
 ``mongocryptd``
 ---------------
 
+.. tip:: Use the {+shared-library+}
+
+   If you are starting a new project, use the ``crypt_shared`` encryption helper,
+   referred to as the {+shared-library+}. The {+shared-library+}
+   replaces ``mongocryptd`` and does not require spawning a new process.
+
 .. include:: /includes/extracts/csfle-enterprise-atlas-only.rst
 
-``mongocryptd`` is required for :ref:`automatic field level encryption
-<field-level-encryption-automatic>` and is included as a component in
+``mongocryptd`` is included as a component in
 the :doc:`MongoDB Enterprise Server
 </administration/install-enterprise>` package, or separately as the
 ``mongodb-enterprise-cryptd`` package. ``mongocryptd`` performs

source/reference/security-client-side-encryption-appendix.txt

@@ -0,0 +1,90 @@
+.. _csfle-reference-shared-library:
+
+===================================
+{+shared-library+}
+===================================
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 2
+   :class: singlecol
+
+Overview
+--------
+
+The {+shared-library+} is a **dynamic library** that enables your client
+application to perform :ref:`automatic field level encryption
+<field-level-encryption-automatic>`.
+A dynamic library is a set of functionality accessed
+by an application at runtime rather than compile time.
+The {+shared-library+} performs the following tasks:
+
+- Reads the encryption schema to determine which fields to encrypt or decrypt
+- Prevents your application from executing unsupported operations on encrypted
+  fields
+
+The {+shared-library+} *does not* do any of the following:
+
+- Perform data encryption or decryption
+- Access the encryption key material
+- Listen for data over the network
+
+The {+shared-library+} is a preferred alternative to ``mongocryptd`` and does
+not require you to spawn another process to perform automatic encryption.
+
+.. tip::
+   
+   While we recommend using the {+shared-library+}, ``mongocryptd`` is still supported.
+
+   To learn more about ``mongocryptd``, see :ref:`<field-level-encryption-mongocryptd>`.
+
+.. _csfle-reference-shared-library-download:
+
+Download the {+shared-library+}
+------------------------------------------------
+
+Download the {+shared-library+} from the `MongoDB Download Center <https://www.mongodb.com/try/download/enterprise>`__ by selecting the
+version and platform, then the library: 
+
+#. In the :guilabel:`Version` dropdown, select the version listed as "current."
+#. In the :guilabel:`Platform` dropdown, select your platform.
+#. In the :guilabel:`Package` dropdown, select ``crypt_shared``.
+#. Click :guilabel:`Download`.
+
+.. tip::
+
+   To view an expanded list of available releases and packages, see
+   `MongoDB Enterprise Downloads <https://www.mongodb.com/download-center/enterprise/releases>`__.
+
+.. _csfle-reference-shared-library-configuration:
+
+Configuration
+-------------
+
+You can configure how your driver searches for the {+shared-library+}
+through the following parameters:
+
+.. list-table::
+    :header-rows: 1
+    :stub-columns: 1
+    :widths: 30 70
+
+    * - Name
+      - Description
+
+    * - cryptSharedLibPath
+      - | Specifies the absolute path to the {+shared-library+} package,
+        | {+shared-library-package+}.
+        | **Default**: ``undefined``
+
+    * - cryptSharedLibRequired
+      - | Specifies if the driver must use the {+shared-library+}. If ``true``,
+        | the driver raises an error if the {+shared-library+} is unavailable.
+        | If ``false``, the driver performs the following sequence of actions:
+        
+        #. Attempts to use the {+shared-library+}.
+        #. If the {+shared-library+} is unavailable, the driver attempts to
+           spawn and connect to ``mongocryptd``.
+   
+        | **Default**: ``false``