Skip to content

Commit af4fea9

Browse files
(DOCSP-24380) reWrapManyDataKey Update (#1598)
* edits first draft * wip - bad render * tweak * cc - re-wrap to rewrap * cc - issues * tweak * monospace issue * mw - suggestion * mw - edits * mw - suggestion
1 parent f8d4a9d commit af4fea9

File tree

4 files changed

+26
-13
lines changed

4 files changed

+26
-13
lines changed

snooty.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -246,6 +246,7 @@ cmk-abbr = ":abbr:`CMK ({+cmk-long+})`"
246246
dek-long = "Data Encryption Key"
247247
dek-abbr = ":abbr:`DEK ({+dek-long+})`"
248248
dek-abbr-no-hover = "DEK"
249+
cmk-abbr-no-hover = "CMK"
249250
key-vault-long = "Key Vault collection"
250251
key-vault-long-title = "Key Vault Collection"
251252
java-driver-version = "4.6"

source/core/csfle/reference/decryption.txt

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@ How CSFLE Decrypts Documents
1717
This page describes how {+csfle-abbrev+} uses metadata from your
1818
{+dek-long+} and {+cmk-long+} to decrypt data.
1919

20+
.. _csfle-reference-decryption-metadata:
21+
2022
Metadata Used for Decryption
2123
----------------------------
2224

source/reference/method/KeyVault.rewrapManyDataKey.txt

Lines changed: 22 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,18 @@ KeyVault.rewrapManyDataKey()
1414

1515
.. method:: KeyVault.rewrapManyDataKey(filter, options)
1616

17-
``KeyVault.rewrapManyDataKey`` decrypts multiple data
18-
keys and re-encrypts them with a new ``masterKey``. If a new
19-
``masterKey`` is not given, the current ``masterKey`` is used.
17+
Decrypts multiple {+dek-long+}s ({+dek-abbr-no-hover+})
18+
and re-encrypts them with a new {+cmk-long+} ({+cmk-abbr-no-hover+}).
19+
Use this method to rotate the {+cmk-abbr-no-hover+} that encrypts your
20+
{+dek-abbr-no-hover+}s. To learn more about {+cmk-abbr-no-hover+}s
21+
and {+dek-abbr-no-hover+}s, see :ref:`<csfle-key-architecture>`.
22+
23+
You specify a {+cmk-abbr-no-hover+} through the ``masterKey`` parameter.
24+
If you do not include a ``masterKey`` argument, the method decrypts
25+
and encrypts each {+dek-abbr-no-hover+} with the {+cmk-abbr-no-hover+}
26+
referenced in that {+dek-abbr-no-hover+}'s metadata. To learn more about
27+
the metadata of {+dek-abbr-no-hover+}s, see
28+
:ref:`<csfle-reference-decryption-metadata>`.
2029

2130
``KeyVault.rewrapManyDataKey`` has the following syntax:
2231

@@ -43,7 +52,7 @@ KeyVault.rewrapManyDataKey()
4352

4453
- :ref:`query filter document <document-query-filter>`
4554

46-
- The query filter for the keyvault collection.
55+
- The query filter for the keyvault collection
4756

4857
* - ``options``
4958

@@ -56,7 +65,7 @@ KeyVault.rewrapManyDataKey()
5665
<qe-fundamentals-kms-providers>` (AWS KMS, Azure Key Vault,
5766
GCP KMS, the local provider, or KMIP)
5867
- ``masterKey``: A KMS-specific key used to encrypt the new
59-
data key.
68+
data key
6069

6170
:returns:
6271

@@ -96,14 +105,14 @@ encryption. For specific examples using each supported
96105
.. include:: /includes/extracts/csfle-connection-boilerplate.rst
97106

98107
Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
99-
:method:`KeyVault.rewrapManyDataKey` method to re-wrap the existing
108+
:method:`KeyVault.rewrapManyDataKey` method to rewrap the existing
100109
keys in a new ``masterKey``. If no new ``masterKey`` is given, each
101110
data key retains its respective current ``masterKey``.
102111

103-
Re-wrap Data Keys with Current``masterKey``
112+
Rewrap Data Keys with Current ``masterKey``
104113
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
105114

106-
The following example show how you can re-wrap each data key with its
115+
The following example shows how you can rewrap each data key with its
107116
respective current ``masterKey``:
108117

109118
.. code-block:: javascript
@@ -116,7 +125,7 @@ Migrate to a New ``masterKey``
116125
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
117126

118127
The following example shows how you can use
119-
:method:KeyVault.rewrapManyDataKey()` to migrate to a new ``masterKey``:
128+
:method:`KeyVault.rewrapManyDataKey()` to migrate to a new ``masterKey``:
120129

121130
.. code-block:: javascript
122131

@@ -130,11 +139,11 @@ The following example shows how you can use
130139
}
131140
})
132141

133-
Re-wrap Data Keys that have not been Re-wrapped Recently
134-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
142+
Rewrap Data Keys That Have Not Been Rewrapped Recently
143+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
135144

136-
The following example shows how to re-wrap data keys that have not
137-
been re-wrapped in the previous thirty days.
145+
The following example shows how to rewrap data keys that have not
146+
been rewrapped in the previous thirty days.
138147

139148
.. code-block:: javascript
140149

source/reference/method/js-client-side-field-level-encryption.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,7 @@ client-side field level encryption.
7777
/reference/method/KeyVault.addKeyAlternateName
7878
/reference/method/KeyVault.removeKeyAlternateName
7979
/reference/method/KeyVault.getKeyByAltName
80+
/reference/method/KeyVault.rewrapManyDataKey
8081
/reference/method/getClientEncryption
8182
/reference/method/ClientEncryption.encrypt
8283
/reference/method/ClientEncryption.decrypt

0 commit comments

Comments
 (0)