@@ -14,9 +14,18 @@ KeyVault.rewrapManyDataKey()
14
14
15
15
.. method:: KeyVault.rewrapManyDataKey(filter, options)
16
16
17
- ``KeyVault.rewrapManyDataKey`` decrypts multiple data
18
- keys and re-encrypts them with a new ``masterKey``. If a new
19
- ``masterKey`` is not given, the current ``masterKey`` is used.
17
+ Decrypts multiple {+dek-long+}s ({+dek-abbr-no-hover+})
18
+ and re-encrypts them with a new {+cmk-long+} ({+cmk-abbr-no-hover+}).
19
+ Use this method to rotate the {+cmk-abbr-no-hover+} that encrypts your
20
+ {+dek-abbr-no-hover+}s. To learn more about {+cmk-abbr-no-hover+}s
21
+ and {+dek-abbr-no-hover+}s, see :ref:`<csfle-key-architecture>`.
22
+
23
+ You specify a {+cmk-abbr-no-hover+} through the ``masterKey`` parameter.
24
+ If you do not include a ``masterKey`` argument, the method decrypts
25
+ and encrypts each {+dek-abbr-no-hover+} with the {+cmk-abbr-no-hover+}
26
+ referenced in that {+dek-abbr-no-hover+}'s metadata. To learn more about
27
+ the metadata of {+dek-abbr-no-hover+}s, see
28
+ :ref:`<csfle-reference-decryption-metadata>`.
20
29
21
30
``KeyVault.rewrapManyDataKey`` has the following syntax:
22
31
@@ -43,7 +52,7 @@ KeyVault.rewrapManyDataKey()
43
52
44
53
- :ref:`query filter document <document-query-filter>`
45
54
46
- - The query filter for the keyvault collection.
55
+ - The query filter for the keyvault collection
47
56
48
57
* - ``options``
49
58
@@ -56,7 +65,7 @@ KeyVault.rewrapManyDataKey()
56
65
<qe-fundamentals-kms-providers>` (AWS KMS, Azure Key Vault,
57
66
GCP KMS, the local provider, or KMIP)
58
67
- ``masterKey``: A KMS-specific key used to encrypt the new
59
- data key.
68
+ data key
60
69
61
70
:returns:
62
71
@@ -96,14 +105,14 @@ encryption. For specific examples using each supported
96
105
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
97
106
98
107
Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
99
- :method:`KeyVault.rewrapManyDataKey` method to re-wrap the existing
108
+ :method:`KeyVault.rewrapManyDataKey` method to rewrap the existing
100
109
keys in a new ``masterKey``. If no new ``masterKey`` is given, each
101
110
data key retains its respective current ``masterKey``.
102
111
103
- Re-wrap Data Keys with Current``masterKey``
112
+ Rewrap Data Keys with Current ``masterKey``
104
113
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
105
114
106
- The following example show how you can re-wrap each data key with its
115
+ The following example shows how you can rewrap each data key with its
107
116
respective current ``masterKey``:
108
117
109
118
.. code-block:: javascript
@@ -116,7 +125,7 @@ Migrate to a New ``masterKey``
116
125
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
117
126
118
127
The following example shows how you can use
119
- :method:KeyVault.rewrapManyDataKey()` to migrate to a new ``masterKey``:
128
+ :method:` KeyVault.rewrapManyDataKey()` to migrate to a new ``masterKey``:
120
129
121
130
.. code-block:: javascript
122
131
@@ -130,11 +139,11 @@ The following example shows how you can use
130
139
}
131
140
})
132
141
133
- Re-wrap Data Keys that have not been Re-wrapped Recently
134
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
142
+ Rewrap Data Keys That Have Not Been Rewrapped Recently
143
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
135
144
136
- The following example shows how to re-wrap data keys that have not
137
- been re-wrapped in the previous thirty days.
145
+ The following example shows how to rewrap data keys that have not
146
+ been rewrapped in the previous thirty days.
138
147
139
148
.. code-block:: javascript
140
149
0 commit comments