ClientEncryption.createEncryptedCollection()

在此页面上

兼容性
语法
命令字段
行为
例子
了解详情

7.0 版本中的新增功能。

ClientEncryption.createEncryptedCollection(dbName, collName, clientEncOpts): ClientEncryption.createEncryptedCollection creates an encrypted collection specified by collName on the database specified by dbName.

兼容性

此命令可用于以下环境中托管的部署：

MongoDB Atlas：用于云中 MongoDB 部署的完全托管服务

MongoDB Enterprise：基于订阅、自我管理的 MongoDB 版本
MongoDB Community：源代码可用、免费使用且可自行管理的 MongoDB 版本

语法

ClientEncryption.createEncryptedCollection has the following syntax:

clientEncryption = db.getMongo().getClientEncryption()
clientEncryption.createEncryptedCollection(
  dbName,
  collName,
  {
    provider: kmsProviderName,
    createCollectionOptions: encryptedFieldsMap,
    masterKey: customerMasterKeyCredentials
  }
)

命令字段

createEncryptedCollection接受以下字段：

字段	类型	必要性	说明
`dbName`	字符串	必需	Name of the database to encrypt.
`collName`	字符串	必需	Name of the collection to encrypt.
`clientEncOpts`	文档	必需	Options to configure the encrypted collection.
`clientEncOpts.provider`	字符串	必需	KMS you are using to store your Customer Master Key.
`clientEncOpts.createCollectionOptions`	文档	必需	Fields to encrypt. See 步骤 for details on how to configure the `encryptedFieldsMap` object.
`clientEncOpts.masterKey`	文档	Optional	How to get the master key when the KMS Provider is AWS, GCP, or Azure.

行为

The mongosh client-side field level and queryable encryption methods require a database connection configured for client-side encryption. If the current database connection was not initiated with client-side field level encryption enabled, either:

Use the Mongo() constructor from the mongosh to establish a connection with the required client-side field level encryption options. The Mongo() method supports the following Key Management Service (KMS) providers for Customer Master Key (CMK) management:

Use the mongosh command line options to establish a connection with the required options. The command line options only support the Amazon Web Services KMS provider for CMK management.

例子

The following example uses a locally managed KMS for the Queryable Encryption configuration.

创建加密连接

启动 mongosh
运行：
```
mongosh --nodb
```
--nodb表示不连接数据库。
生成密钥string
生成一个基本 64 96 字节的string ：
```
const TEST_LOCAL_KEY = require("crypto").randomBytes(96).toString("base64")
```
创建加密选项对象
要创建客户端字段级加密选项对象，请使用上一步中的 TEST_LOCAL_KEY string ：
```
   var autoEncryptionOpts = {
      "keyVaultNamespace" : "encryption.__dataKeys",
      "kmsProviders" : {
         "local" : {
            "key" : BinData(0, TEST_LOCAL_KEY)
         }
      }
   }
```
创建加密客户端对象
要创建加密的客户端对象，请使用Mongo()构造函数。将 mongodb://myMongo.example.net URI 替换为目标集群的连接string URI 。示例：
```
encryptedClient = Mongo(
   "mongodb://myMongo.example.net:27017/?replSetName=myMongo",
   autoEncryptionOpts
)
```

Specify which Fields to Encrypt

Create an encryptedFieldsMaps to specify which fields to encrypt:

const encryptedFieldsMap = {
  encryptedFields: {
    fields: [
      {
        path: "secretField",
        bsonType: "string",
        queries: { queryType: "equality" },
      },
    ],
  },
};

Create Your Encrypted Collection

Create an encrypted enc.users collection:

clientEncryption = encryptedClient.getClientEncryption();
var result = clientEncryption.createEncryptedCollection(
  "enc",
  "users",
  {
    provider: "local",
    createCollectionOptions: encryptedFieldsMap,
    masterKey: {} // masterKey is optional when provider is local
  }
)

Check Your Result Object

createEncryptedCollection returns a large result object with many fields. Check the value of result.collection to confirm the collection was created in the desired location.

enc> result.collection
enc.users

了解详情

有关在启用客户端字段级加密的情况下启动 MongoDB 连接的完整文档，请参阅Mongo() 。
For a complete example of how to create and query an encrypted collection, see 快速入门.

后退

客户端字段级加密 (Client-Side Field Level Encryption)

来年

ClientEncryption.encrypt