MongoClient Options for Queryable Encryption
On this page
Overview
View information about the Queryable Encryption specific
configuration options for MongoClient
instances.
AutoEncryptionOpts
Pass an AutoEncryptionOpts
object to your MongoClient
instance to specify Queryable Encryption specific options.
The following table describes the structure of an
AutoEncryptionOpts
object:
Parameter | Type | Required | Description |
---|---|---|---|
|
| No | A If you omit the To learn more about Key Vault collections, see Key Vault Collections. |
| String | Yes | The full namespace of the Key Vault collection. |
| Object | Yes | The Key Management System (KMS) used by Queryable Encryption for managing your Customer Master Keys (CMKs). To learn more about To learn more about Customer Master Keys, see Keys and Key Vaults. |
| Object | No | An encryption schema. To learn how to construct an encryption schema, see Field Encryption and Queryability. |
| Boolean | No | Disables automatic analysis of outgoing commands. Set |
Example
To view a code-snippet demonstrating how to use
AutoEncryptionOpts
to configure your
MongoClient
instance, select the tab corresponding to your driver:
var AutoEncryptionOpts = { "keyVaultClient" : keyVaultClient, "keyVaultNamespace" : "<database>.<collection>", "kmsProviders" : { ... }, "bypassQueryAnalysis": "<boolean value>", // optional - defaults to false "encryptedFieldsMap" : { ... } } cluster = Mongo( "mongodb://myhostexample.net:27017/?replicaSet=myReplicaSet", AutoEncryptionOpts );
const secureClient = new MongoClient(connectionString, { useNewUrlParser: true, useUnifiedTopology: true, monitorCommands: true, autoEncryption: { keyVaultNamespace, kmsProviders, bypassQueryAnalysis, // optional - defaults to false encryptedFieldsMap: patientSchema, extraOptions: extraOptions, }, });
To learn about additional options for configuring Automatic Encryption Shared Library, see Configuration.