MongoDB Driver API for Node.js
Class: AutoEncrypter
An internal class to be used by the driver for auto encryption
NOTE: Not meant to be instantiated directly, this is for internal use only.
new AutoEncrypter(client, options)
Create an AutoEncrypter
Note: Do not instantiate this class directly. Rather, supply the relevant options to a MongoClient.
Note: Supplying options.schemaMap provides more security than relying on JSON Schemas obtained from the server.
It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending unencrypted data that should be encrypted.
Schemas supplied in the schemaMap only apply to configuring automatic encryption for client side encryption.
Other validation rules in the JSON schema will not be enforced by the driver and will result in an error.
Name | Type | Description |
---|---|---|
client | MongoClient | The client autoEncryption is enabled on |
options | AutoEncrypter~AutoEncryptionOptions | (optional) Optional settings |
Example
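```javascript
// Enabling autoEncryption via a MongoClient
const { MongoClient } = require('mongodb');

// URL, AWS_ACCESS_KEY and AWS_SECRET_KEY are supplied by the application;
// here they are read from the environment rather than hard-coded.
const { URL, AWS_ACCESS_KEY, AWS_SECRET_KEY } = process.env;

async function main() {
  const client = new MongoClient(URL, {
    autoEncryption: {
      kmsProviders: {
        aws: {
          accessKeyId: AWS_ACCESS_KEY,
          secretAccessKey: AWS_SECRET_KEY
        }
      }
    }
  });
  await client.connect();
  // From here on, the client will be encrypting / decrypting automatically
}

main().catch(console.error);
```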
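The schemaMap note above says that locally supplied schemas guard against a server advertising a false JSON Schema. The following is an added example, not part of the driver or its documentation: a pre-connect check that every sensitive field has an `encrypt` rule pinned in the local `schemaMap`. The namespaces, field names, key vault namespace, `DATA_KEY_ID` placeholder and environment variable names are constructed assumptions.

```javascript
// Added example (not driver code): verify the local schemaMap before connecting.
// Namespaces, fields and DATA_KEY_ID are constructed placeholders; a real keyId
// is the BSON Binary UUID of a data key stored in the key vault.
const DATA_KEY_ID = 'REPLACE_WITH_DATA_KEY_UUID';
const encrypted = (bsonType) => ({
  encrypt: { bsonType, keyId: [DATA_KEY_ID],
             algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic' }
});

const autoEncryption = {
  keyVaultNamespace: 'encryption.__keyVault',
  kmsProviders: { aws: { accessKeyId: process.env.AWS_ACCESS_KEY,
                         secretAccessKey: process.env.AWS_SECRET_KEY } },
  schemaMap: {
    'hr.employees': {
      bsonType: 'object',
      properties: {
        ssn: encrypted('string'),
        bank: { bsonType: 'object', properties: { account: encrypted('string') } }
      }
    }
  }
};

// True when the schema carries an `encrypt` rule at the dotted field path.
function hasEncryptRule(schema, path) {
  let node = schema;
  for (const name of path.split('.')) {
    node = node && node.properties && node.properties[name];
    if (!node) return false;
  }
  return typeof node.encrypt === 'object' && node.encrypt !== null;
}

// Returns "namespace:field" for every required field that would depend on a
// server-advertised schema (or on nothing at all) instead of a local rule.
function missingLocalRules(options, required) {
  const schemaMap = options.schemaMap || {};
  const missing = [];
  for (const [ns, fields] of Object.entries(required)) {
    for (const field of fields) {
      // bypassAutoEncryption disables automatic encryption; only decryption remains.
      const covered = !options.bypassAutoEncryption && hasEncryptRule(schemaMap[ns], field);
      if (!covered) missing.push(`${ns}:${field}`);
    }
  }
  return missing;
}
```

Run `missingLocalRules(autoEncryption, required)` at startup and refuse to construct the MongoClient unless it returns an empty list.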
Members
(inner) logLevel : number
The level of severity of the log message
Value | Level |
---|---|
0 | Fatal Error |
1 | Error |
2 | Warning |
3 | Info |
4 | Trace |
Type Definitions
AutoEncryptionExtraOptions Object
Extra options related to the mongocryptd process
Properties:
Name | Type | Argument | Default | Description |
---|---|---|---|---|
mongocryptdURI | string | | | A local process the driver communicates with to determine how to encrypt values in a command. Defaults to "mongodb://%2Fvar%2Fmongocryptd.sock" if domain sockets are available or "mongodb://localhost:27020" otherwise |
mongocryptdBypassSpawn | boolean | | false | If true, autoEncryption will not attempt to spawn a mongocryptd before connecting |
mongocryptdSpawnPath | string | | | The path to the mongocryptd executable on the system |
mongocryptdSpawnArgs | Array.<string> | | | Command line arguments to use when auto-spawning a mongocryptd |
AutoEncryptionOptions Object
Configuration options for automatic client encryption.
Properties:
Name | Type | Argument | Description |
---|---|---|---|
keyVaultClient | MongoClient | | A MongoClient used to fetch keys from a key vault |
keyVaultNamespace | string | | The namespace where keys are stored in the key vault |
kmsProviders | KMSProviders | | Configuration options that are used by specific KMS providers during key generation, encryption, and decryption. |
schemaMap | object | | A map of namespaces to a local JSON schema for encryption |
bypassAutoEncryption | boolean | | Allows the user to bypass auto encryption, maintaining implicit decryption |
options.logger | AutoEncrypter~logger | | An optional hook to catch logging messages from the underlying encryption engine |
extraOptions | AutoEncrypter~AutoEncryptionExtraOptions | | Extra options related to the mongocryptd process |
logger(level, message)
A callback that is invoked with logging information from the underlying C++ bindings.
Name | Type | Description |
---|---|---|
level | AutoEncrypter~logLevel | The level of logging. |
message | string | The message to log |