From 68cc687f4b688bffc8f4a7bc7c9a37040a3c6bb9 Mon Sep 17 00:00:00 2001 From: Andrew Feierabend Date: Mon, 22 Feb 2021 12:18:50 -0500 Subject: [PATCH] DOCSP-13972 clarify keyID array of single UUID --- ...rity-client-side-automatic-json-schema.txt | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/source/reference/security-client-side-automatic-json-schema.txt b/source/reference/security-client-side-automatic-json-schema.txt index c4b28ac4272..467afcaaaf6 100644 --- a/source/reference/security-client-side-automatic-json-schema.txt +++ b/source/reference/security-client-side-automatic-json-schema.txt @@ -229,12 +229,13 @@ and ``taxid-short`` fields for write or read operations to the .. autoencryptkeyword:: encrypt.keyId - *Array of UUID* + *Array of single UUID* The UUID of the data encryption key to use for encrypting field - values. Specify *one* string inside the array. The UUID is a BSON - `binary data `_ element of subtype - ``4``. + values. The UUID is a BSON `binary data + `_ element of subtype ``4``. + + Specify *one* string inside the array. If omitted, :ref:`mongocryptd` checks the full tree of parent fields for the nearest @@ -327,15 +328,16 @@ and ``taxid-short`` fields for write or read operations to the *Array of single UUID* - The UUID of a data encryption key. If an - :autoencryptkeyword:`encrypt` object is missing the + The UUID of a data encryption key. The UUID is a BSON `binary data + `_ element of subtype ``4``. + + Specify *one* string inside the array. + + If an :autoencryptkeyword:`encrypt` object is missing the :autoencryptkeyword:`~encrypt.keyId` field, ``mongocryptd`` searches the entire tree of parent objects to locate an :autoencryptkeyword:`encryptMetadata` object that specifies :autoencryptkeyword:`encryptMetadata.keyId`. - - The UUID is a BSON `binary data `_ - element of subtype ``4``. The data encryption key *must* exist in the key vault specified as part of the auto encryption :ref:`configuration options