mongoc_auto_encryption_opts_set_kms_providers()#
Synopsis#
void
mongoc_auto_encryption_opts_set_kms_providers (
mongoc_auto_encryption_opts_t *opts, const bson_t *kms_providers);
Parameters#
opts
: The mongoc_auto_encryption_opts_tkms_providers
: Abson_t
containing configuration for an external Key Management Service (KMS).
kms_providers
is a BSON document containing configuration for each KMS provider. Currently aws
, local
, azure
, gcp
, and kmip
are supported. At least one must be specified.
The format for “aws” is as follows:
aws: {
accessKeyId: String,
secretAccessKey: String
}
The format for “local” is as follows:
local: {
key: <96 byte BSON binary of subtype 0> or String /* The master key used to encrypt/decrypt data keys. May be passed as a base64 encoded string. */
}
The format for “azure” is as follows:
azure: {
tenantId: String,
clientId: String,
clientSecret: String,
identityPlatformEndpoint: Optional<String> /* Defaults to login.microsoftonline.com */
}
The format for “gcp” is as follows:
gcp: {
email: String,
privateKey: byte[] or String, /* May be passed as a base64 encoded string. */
endpoint: Optional<String> /* Defaults to oauth2.googleapis.com */
}
The format for “kmip” is as follows:
kmip: {
endpoint: String
}