@@ -14,9 +14,18 @@ KeyVault.rewrapManyDataKey()
1414
1515.. method:: KeyVault.rewrapManyDataKey(filter, options)
1616
17- ``KeyVault.rewrapManyDataKey`` decrypts multiple data
18- keys and re-encrypts them with a new ``masterKey``. If a new
19- ``masterKey`` is not given, the current ``masterKey`` is used.
17+ Decrypts multiple {+dek-long+}s ({+dek-abbr-no-hover+})
18+ and re-encrypts them with a new {+cmk-long+} ({+cmk-abbr-no-hover+}).
19+ Use this method to rotate the {+cmk-abbr-no-hover+} that encrypts your
20+ {+dek-abbr-no-hover+}s. To learn more about {+cmk-abbr-no-hover+}s
21+ and {+dek-abbr-no-hover+}s, see :ref:`<csfle-key-architecture>`.
22+
23+ You specify a {+cmk-abbr-no-hover+} through the ``masterKey`` parameter.
24+ If you do not include a ``masterKey`` argument, the method decrypts
25+ and encrypts each {+dek-abbr-no-hover+} with the {+cmk-abbr-no-hover+}
26+ referenced in that {+dek-abbr-no-hover+}'s metadata. To learn more about
27+ the metadata of {+dek-abbr-no-hover+}s, see
28+ :ref:`<csfle-reference-decryption-metadata>`.
2029
2130 ``KeyVault.rewrapManyDataKey`` has the following syntax:
2231
@@ -43,7 +52,7 @@ KeyVault.rewrapManyDataKey()
4352
4453 - :ref:`query filter document <document-query-filter>`
4554
46- - The query filter for the keyvault collection.
55+ - The query filter for the keyvault collection
4756
4857 * - ``options``
4958
@@ -56,7 +65,7 @@ KeyVault.rewrapManyDataKey()
5665 <qe-fundamentals-kms-providers>` (AWS KMS, Azure Key Vault,
5766 GCP KMS, the local provider, or KMIP)
5867 - ``masterKey``: A KMS-specific key used to encrypt the new
59- data key.
68+ data key
6069
6170 :returns:
6271
@@ -96,14 +105,14 @@ encryption. For specific examples using each supported
96105.. include:: /includes/extracts/csfle-connection-boilerplate.rst
97106
98107Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
99- :method:`KeyVault.rewrapManyDataKey` method to re-wrap the existing
108+ :method:`KeyVault.rewrapManyDataKey` method to rewrap the existing
100109keys in a new ``masterKey``. If no new ``masterKey`` is given, each
101110data key retains its respective current ``masterKey``.
102111
103- Re-wrap Data Keys with Current``masterKey``
112+ Rewrap Data Keys with Current ``masterKey``
104113~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
105114
106- The following example show how you can re-wrap each data key with its
115+ The following example shows how you can rewrap each data key with its
107116respective current ``masterKey``:
108117
109118.. code-block:: javascript
@@ -116,7 +125,7 @@ Migrate to a New ``masterKey``
116125~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
117126
118127The following example shows how you can use
119- :method:KeyVault.rewrapManyDataKey()` to migrate to a new ``masterKey``:
128+ :method:` KeyVault.rewrapManyDataKey()` to migrate to a new ``masterKey``:
120129
121130.. code-block:: javascript
122131
@@ -130,11 +139,11 @@ The following example shows how you can use
130139 }
131140 })
132141
133- Re-wrap Data Keys that have not been Re-wrapped Recently
134- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
142+ Rewrap Data Keys That Have Not Been Rewrapped Recently
143+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
135144
136- The following example shows how to re-wrap data keys that have not
137- been re-wrapped in the previous thirty days.
145+ The following example shows how to rewrap data keys that have not
146+ been rewrapped in the previous thirty days.
138147
139148.. code-block:: javascript
140149
0 commit comments