pub struct ClientEncryption { /* private fields */ }
in-use-encryption
only.Expand description
A handle to the key vault. Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.
Implementations§
Source§impl ClientEncryption
impl ClientEncryption
Sourcepub fn create_data_key(
&self,
master_key: impl Into<MasterKey>,
) -> CreateDataKey<'_>
pub fn create_data_key( &self, master_key: impl Into<MasterKey>, ) -> CreateDataKey<'_>
Source§impl ClientEncryption
impl ClientEncryption
Sourcepub fn create_encrypted_collection<'a>(
&'a self,
db: &'a Database,
name: &'a str,
master_key: MasterKey,
) -> CreateEncryptedCollection<'a>
pub fn create_encrypted_collection<'a>( &'a self, db: &'a Database, name: &'a str, master_key: MasterKey, ) -> CreateEncryptedCollection<'a>
Creates a new collection with encrypted fields, automatically creating new data encryption
keys when needed based on the configured CreateCollectionOptions::encrypted_fields
.
await
will return (Document, Result<()>)
containing the potentially updated
encrypted_fields
along with the collection creation status, as keys may have been created
even when a failure occurs.
Does not affect any auto encryption settings on existing MongoClients that are already configured with auto encryption.
These methods can be chained before .await
to set options:
Source§impl ClientEncryption
impl ClientEncryption
Sourcepub fn encrypt(
&self,
value: impl Into<RawBson>,
key: impl Into<EncryptKey>,
algorithm: Algorithm,
) -> Encrypt<'_>
pub fn encrypt( &self, value: impl Into<RawBson>, key: impl Into<EncryptKey>, algorithm: Algorithm, ) -> Encrypt<'_>
Encrypts a BsonValue with a given key and algorithm.
To insert or query with an “Indexed” encrypted payload, use a Client
configured with
AutoEncryptionOptions
. AutoEncryptionOptions.bypass_query_analysis
may be true.
AutoEncryptionOptions.bypass_auto_encryption
must be false.
await
will return a Result<Binary>
(subtype 6) containing the encrypted value.
These methods can be chained before .await
to set options:
Sourcepub fn encrypt_expression(
&self,
expression: RawDocumentBuf,
key: impl Into<EncryptKey>,
) -> Encrypt<'_, Expression>
pub fn encrypt_expression( &self, expression: RawDocumentBuf, key: impl Into<EncryptKey>, ) -> Encrypt<'_, Expression>
Encrypts a Match Expression or Aggregate Expression to query a range index.
expression
is expected to be a BSON document of one of the following forms:
- A Match Expression of this form:
{$and: [{<field>: {$gt: <value1>}}, {<field>: {$lt: <value2> }}]}
- An Aggregate Expression of this form:
{$and: [{$gt: [<fieldpath>, <value1>]}, {$lt: [<fieldpath>, <value2>]}]
For either expression, $gt
may also be $gte
, and $lt
may also be $lte
.
The expression will be encrypted using the Algorithm::Range
algorithm and the
“range” query type. It is not valid to set a query type in EncryptOptions
when calling
this method.
await
will return a Result<Document>
containing the encrypted expression.
These methods can be chained before .await
to set options:
Source§impl ClientEncryption
impl ClientEncryption
Sourcepub fn new(
key_vault_client: Client,
key_vault_namespace: Namespace,
kms_providers: impl IntoIterator<Item = (KmsProvider, Document, Option<TlsOptions>)>,
) -> Result<Self>
pub fn new( key_vault_client: Client, key_vault_namespace: Namespace, kms_providers: impl IntoIterator<Item = (KmsProvider, Document, Option<TlsOptions>)>, ) -> Result<Self>
Initialize a new ClientEncryption
.
let enc = ClientEncryption::new(
kv_client,
kv_namespace,
[
(KmsProvider::Local, doc! { "key": local_key }, None),
(KmsProvider::Kmip, doc! { "endpoint": "localhost:5698" }, None),
]
)?;
Sourcepub fn builder(
key_vault_client: Client,
key_vault_namespace: Namespace,
kms_providers: impl IntoIterator<Item = (KmsProvider, Document, Option<TlsOptions>)>,
) -> ClientEncryptionBuilder
pub fn builder( key_vault_client: Client, key_vault_namespace: Namespace, kms_providers: impl IntoIterator<Item = (KmsProvider, Document, Option<TlsOptions>)>, ) -> ClientEncryptionBuilder
Initialize a builder to construct a ClientEncryption
. Methods on
ClientEncryptionBuilder
can be chained to set options.
let enc = ClientEncryption::builder(
kv_client,
kv_namespace,
[
(KmsProvider::Local, doc! { "key": local_key }, None),
(KmsProvider::Kmip, doc! { "endpoint": "localhost:5698" }, None),
]
)
.build()?;
Sourcepub async fn delete_key(&self, id: &Binary) -> Result<DeleteResult>
pub async fn delete_key(&self, id: &Binary) -> Result<DeleteResult>
Removes the key document with the given UUID (BSON binary subtype 0x04) from the key vault collection. Returns the result of the internal deleteOne() operation on the key vault collection.
Sourcepub async fn get_key(&self, id: &Binary) -> Result<Option<RawDocumentBuf>>
pub async fn get_key(&self, id: &Binary) -> Result<Option<RawDocumentBuf>>
Finds a single key document with the given UUID (BSON binary subtype 0x04). Returns the result of the internal find() operation on the key vault collection.
Sourcepub async fn get_keys(&self) -> Result<Cursor<RawDocumentBuf>>
pub async fn get_keys(&self) -> Result<Cursor<RawDocumentBuf>>
Finds all documents in the key vault collection. Returns the result of the internal find() operation on the key vault collection.
Sourcepub async fn add_key_alt_name(
&self,
id: &Binary,
key_alt_name: &str,
) -> Result<Option<RawDocumentBuf>>
pub async fn add_key_alt_name( &self, id: &Binary, key_alt_name: &str, ) -> Result<Option<RawDocumentBuf>>
Adds a keyAltName to the keyAltNames array of the key document in the key vault collection with the given UUID (BSON binary subtype 0x04). Returns the previous version of the key document.
Sourcepub async fn remove_key_alt_name(
&self,
id: &Binary,
key_alt_name: &str,
) -> Result<Option<RawDocumentBuf>>
pub async fn remove_key_alt_name( &self, id: &Binary, key_alt_name: &str, ) -> Result<Option<RawDocumentBuf>>
Removes a keyAltName from the keyAltNames array of the key document in the key vault collection with the given UUID (BSON binary subtype 0x04). Returns the previous version of the key document.
Sourcepub async fn get_key_by_alt_name(
&self,
key_alt_name: impl AsRef<str>,
) -> Result<Option<RawDocumentBuf>>
pub async fn get_key_by_alt_name( &self, key_alt_name: impl AsRef<str>, ) -> Result<Option<RawDocumentBuf>>
Returns a key document in the key vault collection with the given keyAltName.
Sourcepub async fn decrypt(&self, value: RawBinaryRef<'_>) -> Result<RawBson>
pub async fn decrypt(&self, value: RawBinaryRef<'_>) -> Result<RawBson>
Decrypts an encrypted value (BSON binary of subtype 6). Returns the original BSON value.
Auto Trait Implementations§
impl !Freeze for ClientEncryption
impl !RefUnwindSafe for ClientEncryption
impl Send for ClientEncryption
impl Sync for ClientEncryption
impl Unpin for ClientEncryption
impl !UnwindSafe for ClientEncryption
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> FmtForward for T
impl<T> FmtForward for T
Source§fn fmt_binary(self) -> FmtBinary<Self>where
Self: Binary,
fn fmt_binary(self) -> FmtBinary<Self>where
Self: Binary,
self
to use its Binary
implementation when Debug
-formatted.Source§fn fmt_display(self) -> FmtDisplay<Self>where
Self: Display,
fn fmt_display(self) -> FmtDisplay<Self>where
Self: Display,
self
to use its Display
implementation when
Debug
-formatted.Source§fn fmt_lower_exp(self) -> FmtLowerExp<Self>where
Self: LowerExp,
fn fmt_lower_exp(self) -> FmtLowerExp<Self>where
Self: LowerExp,
self
to use its LowerExp
implementation when
Debug
-formatted.Source§fn fmt_lower_hex(self) -> FmtLowerHex<Self>where
Self: LowerHex,
fn fmt_lower_hex(self) -> FmtLowerHex<Self>where
Self: LowerHex,
self
to use its LowerHex
implementation when
Debug
-formatted.Source§fn fmt_octal(self) -> FmtOctal<Self>where
Self: Octal,
fn fmt_octal(self) -> FmtOctal<Self>where
Self: Octal,
self
to use its Octal
implementation when Debug
-formatted.Source§fn fmt_pointer(self) -> FmtPointer<Self>where
Self: Pointer,
fn fmt_pointer(self) -> FmtPointer<Self>where
Self: Pointer,
self
to use its Pointer
implementation when
Debug
-formatted.Source§fn fmt_upper_exp(self) -> FmtUpperExp<Self>where
Self: UpperExp,
fn fmt_upper_exp(self) -> FmtUpperExp<Self>where
Self: UpperExp,
self
to use its UpperExp
implementation when
Debug
-formatted.Source§fn fmt_upper_hex(self) -> FmtUpperHex<Self>where
Self: UpperHex,
fn fmt_upper_hex(self) -> FmtUpperHex<Self>where
Self: UpperHex,
self
to use its UpperHex
implementation when
Debug
-formatted.Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left
is true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left(&self)
returns true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moreSource§impl<T> Pipe for Twhere
T: ?Sized,
impl<T> Pipe for Twhere
T: ?Sized,
Source§fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> Rwhere
Self: Sized,
fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> Rwhere
Self: Sized,
Source§fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> Rwhere
R: 'a,
fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> Rwhere
R: 'a,
self
and passes that borrow into the pipe function. Read moreSource§fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> Rwhere
R: 'a,
fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> Rwhere
R: 'a,
self
and passes that borrow into the pipe function. Read moreSource§fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
Source§fn pipe_borrow_mut<'a, B, R>(
&'a mut self,
func: impl FnOnce(&'a mut B) -> R,
) -> R
fn pipe_borrow_mut<'a, B, R>( &'a mut self, func: impl FnOnce(&'a mut B) -> R, ) -> R
Source§fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
self
, then passes self.as_ref()
into the pipe function.Source§fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
self
, then passes self.as_mut()
into the pipe
function.Source§fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
self
, then passes self.deref()
into the pipe function.Source§impl<T> Pointable for T
impl<T> Pointable for T
Source§impl<T> Tap for T
impl<T> Tap for T
Source§fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
Borrow<B>
of a value. Read moreSource§fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
BorrowMut<B>
of a value. Read moreSource§fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
AsRef<R>
view of a value. Read moreSource§fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
AsMut<R>
view of a value. Read moreSource§fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
Deref::Target
of a value. Read moreSource§fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
Deref::Target
of a value. Read moreSource§fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self
fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self
.tap()
only in debug builds, and is erased in release builds.Source§fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self
fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self
.tap_mut()
only in debug builds, and is erased in release
builds.Source§fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
.tap_borrow()
only in debug builds, and is erased in release
builds.Source§fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
.tap_borrow_mut()
only in debug builds, and is erased in release
builds.Source§fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
.tap_ref()
only in debug builds, and is erased in release
builds.Source§fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
.tap_ref_mut()
only in debug builds, and is erased in release
builds.Source§fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
.tap_deref()
only in debug builds, and is erased in release
builds.