Struct mongodb::client_encryption::ClientEncryption
pub struct ClientEncryption { /* private fields */ }
Available on crate feature in-use-encryption-unstable only.
A handle to the key vault. Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.
Implementations
impl ClientEncryption
pub fn new(
    key_vault_client: Client,
    key_vault_namespace: Namespace,
    kms_providers: impl IntoIterator<Item = (KmsProvider, Document, Option<TlsOptions>)>
) -> Result<Self>
Initialize a new ClientEncryption.
let enc = ClientEncryption::new(
    kv_client,
    kv_namespace,
    // One (provider, credentials document, optional TLS options) tuple per KMS provider.
    [
        (KmsProvider::Local, doc! { "key": local_key }, None),
        (KmsProvider::Kmip, doc! { "endpoint": "localhost:5698" }, None),
    ]
)?;
pub fn create_data_key(&self, master_key: MasterKey) -> CreateDataKeyAction<'_>
Creates a new key document and inserts it into the key vault collection. CreateDataKeyAction::run returns a Binary (subtype 0x04) with the _id of the created document as a UUID.
The returned CreateDataKeyAction must be executed via run, e.g.
let key = client_encryption
    .create_data_key(master_key)
    .key_alt_names(["altname1".to_string(), "altname2".to_string()])
    .run().await?;
pub async fn delete_key(&self, id: &Binary) -> Result<DeleteResult>
Removes the key document with the given UUID (BSON binary subtype 0x04) from the key vault collection. Returns the result of the internal deleteOne() operation on the key vault collection.
pub async fn get_key(&self, id: &Binary) -> Result<Option<RawDocumentBuf>>
Finds a single key document with the given UUID (BSON binary subtype 0x04). Returns the result of the internal find() operation on the key vault collection.
pub async fn get_keys(&self) -> Result<Cursor<RawDocumentBuf>>
Finds all documents in the key vault collection. Returns the result of the internal find() operation on the key vault collection.
pub async fn add_key_alt_name(
    &self,
    id: &Binary,
    key_alt_name: &str
) -> Result<Option<RawDocumentBuf>>
Adds a keyAltName to the keyAltNames array of the key document in the key vault collection with the given UUID (BSON binary subtype 0x04). Returns the previous version of the key document.
pub async fn remove_key_alt_name(
    &self,
    id: &Binary,
    key_alt_name: &str
) -> Result<Option<RawDocumentBuf>>
Removes a keyAltName from the keyAltNames array of the key document in the key vault collection with the given UUID (BSON binary subtype 0x04). Returns the previous version of the key document.
pub async fn get_key_by_alt_name(
    &self,
    key_alt_name: impl AsRef<str>
) -> Result<Option<RawDocumentBuf>>
Returns a key document in the key vault collection with the given keyAltName.
pub fn encrypt(
    &self,
    value: impl Into<RawBson>,
    key: impl Into<EncryptKey>,
    algorithm: Algorithm
) -> EncryptAction<'_>
Encrypts a BsonValue with a given key and algorithm. EncryptAction::run returns a Binary (subtype 6) containing the encrypted value.
To insert or query with an “Indexed” encrypted payload, use a Client configured with AutoEncryptionOptions. AutoEncryptionOptions.bypass_query_analysis may be true. AutoEncryptionOptions.bypass_auto_encryption must be false.
The returned EncryptAction must be executed via run, e.g.
let encrypted = client_encryption
    .encrypt(
        "plaintext",
        key,
        Algorithm::AeadAes256CbcHmacSha512Deterministic,
    )
    .contention_factor(10)
    .run().await?;
pub fn encrypt_expression(
    &self,
    expression: RawDocumentBuf,
    key: impl Into<EncryptKey>
) -> EncryptExpressionAction<'_>
NOTE: This method is experimental only. It is not intended for public use.
Encrypts a match or aggregate expression with the given key. EncryptExpressionAction::run returns a Document containing the encrypted expression.
The expression will be encrypted using the Algorithm::RangePreview algorithm and the “rangePreview” query type.
The returned EncryptExpressionAction must be executed via run, e.g.
let expression = rawdoc! {
    "$and": [
        { "field": { "$gte": 5 } },
        { "field": { "$lte": 10 } },
    ]
};
let encrypted_expression = client_encryption
    .encrypt_expression(
        expression,
        key,
    )
    .contention_factor(10)
    .run().await?;
pub async fn decrypt<'a>(&self, value: RawBinaryRef<'a>) -> Result<RawBson>
Decrypts an encrypted value (BSON binary of subtype 6). Returns the original BSON value.
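Added example (not part of the mongodb crate or its documentation): a standard-library-only parser for the header of a subtype 6 payload, which shows which data key a stored value depends on, for instance before calling delete_key on that key. The byte layout is an assumption taken from MongoDB's published subtype 6 format and covers only the two AEAD_AES_256_CBC_HMAC_SHA_512 blob subtypes; parse_header, BlobHeader, uuid_string and sample_payload are names made up for this example.

```rust
// Added example, std only. Assumed layout of a subtype 6 payload produced by
// the two AEAD_AES_256_CBC_HMAC_SHA_512 algorithms:
//   byte 0       blob subtype (1 = Deterministic, 2 = Random)
//   bytes 1..17  UUID of the data key (_id in the key vault collection)
//   byte 17      BSON type of the original value
//   bytes 18..   ciphertext
#[derive(Debug, PartialEq)]
pub enum BlobKind { Deterministic, Random }

#[derive(Debug, PartialEq)]
pub enum ParseError { TooShort(usize), UnsupportedBlobSubtype(u8) }

#[derive(Debug, PartialEq)]
pub struct BlobHeader {
    pub kind: BlobKind,
    pub key_uuid: [u8; 16],
    pub original_bson_type: u8,
    pub ciphertext_len: usize,
}

pub fn parse_header(payload: &[u8]) -> Result<BlobHeader, ParseError> {
    if payload.len() < 18 {
        return Err(ParseError::TooShort(payload.len()));
    }
    let kind = match payload[0] {
        1 => BlobKind::Deterministic,
        2 => BlobKind::Random,
        // Other blob subtypes use different layouts; refuse rather than guess.
        other => return Err(ParseError::UnsupportedBlobSubtype(other)),
    };
    let mut key_uuid = [0u8; 16];
    key_uuid.copy_from_slice(&payload[1..17]);
    Ok(BlobHeader { kind, key_uuid, original_bson_type: payload[17], ciphertext_len: payload.len() - 18 })
}

/// Canonical 8-4-4-4-12 rendering, for matching against key vault _id values.
pub fn uuid_string(u: &[u8; 16]) -> String {
    let h: String = u.iter().map(|b| format!("{:02x}", b)).collect();
    format!("{}-{}-{}-{}-{}", &h[..8], &h[8..12], &h[12..16], &h[16..20], &h[20..])
}

/// Constructed sample: Deterministic blob, made-up key UUID, string type, filler bytes.
pub fn sample_payload() -> Vec<u8> {
    let mut p = vec![1u8];
    p.extend_from_slice(&[0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                          0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff]);
    p.push(0x02); // BSON type 0x02 = string
    p.extend_from_slice(&[0xAA; 64]); // filler standing in for ciphertext
    p
}

fn main() {
    let h = parse_header(&sample_payload()).expect("constructed sample parses");
    println!("{:?} key={} type={:#04x} ct_len={}", h.kind, uuid_string(&h.key_uuid), h.original_bson_type, h.ciphertext_len);
}
```

The parser reads only the unencrypted header; it needs no key material and never touches the ciphertext.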
pub async fn create_encrypted_collection(
    &self,
    db: &Database,
    name: impl AsRef<str>,
    master_key: MasterKey,
    options: CreateCollectionOptions
) -> (Document, Result<()>)
Creates a new collection with encrypted fields, automatically creating new data encryption keys when needed based on the configured CreateCollectionOptions::encrypted_fields.
Returns the potentially updated encrypted_fields along with status, as keys may have been created even when a failure occurs.
Does not affect any auto encryption settings on existing MongoClients that are already configured with auto encryption.
Auto Trait Implementations
impl !Freeze for ClientEncryption
impl !RefUnwindSafe for ClientEncryption
impl Send for ClientEncryption
impl Sync for ClientEncryption
impl Unpin for ClientEncryption
impl !UnwindSafe for ClientEncryption
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
    fn borrow_mut(&mut self) -> &mut T
impl<T> FmtForward for T
    fn fmt_binary(self) -> FmtBinary<Self> where Self: Binary
        self to use its Binary implementation when Debug-formatted.
    fn fmt_display(self) -> FmtDisplay<Self> where Self: Display
        self to use its Display implementation when Debug-formatted.
    fn fmt_lower_exp(self) -> FmtLowerExp<Self> where Self: LowerExp
        self to use its LowerExp implementation when Debug-formatted.
    fn fmt_lower_hex(self) -> FmtLowerHex<Self> where Self: LowerHex
        self to use its LowerHex implementation when Debug-formatted.
    fn fmt_octal(self) -> FmtOctal<Self> where Self: Octal
        self to use its Octal implementation when Debug-formatted.
    fn fmt_pointer(self) -> FmtPointer<Self> where Self: Pointer
        self to use its Pointer implementation when Debug-formatted.
    fn fmt_upper_exp(self) -> FmtUpperExp<Self> where Self: UpperExp
        self to use its UpperExp implementation when Debug-formatted.
    fn fmt_upper_hex(self) -> FmtUpperHex<Self> where Self: UpperHex
        self to use its UpperHex implementation when Debug-formatted.
impl<T> Instrument for T
    fn instrument(self, span: Span) -> Instrumented<Self>
    fn in_current_span(self) -> Instrumented<Self>
impl<T> Pipe for T where T: ?Sized
    fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> R where Self: Sized
    fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> R where R: 'a
        self and passes that borrow into the pipe function.
    fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> R where R: 'a
        self and passes that borrow into the pipe function.
    fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
    fn pipe_borrow_mut<'a, B, R>(&'a mut self, func: impl FnOnce(&'a mut B) -> R) -> R
    fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
        self, then passes self.as_ref() into the pipe function.
    fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
        self, then passes self.as_mut() into the pipe function.
    fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
        self, then passes self.deref() into the pipe function.
impl<T> Pointable for T
impl<T> Tap for T
    fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
        Borrow<B> of a value.
    fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
        BorrowMut<B> of a value.
    fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
        AsRef<R> view of a value.
    fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
        AsMut<R> view of a value.
    fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
        Deref::Target of a value.
    fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
        Deref::Target of a value.
    fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self
        .tap() only in debug builds, and is erased in release builds.
    fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self
        .tap_mut() only in debug builds, and is erased in release builds.
    fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
        .tap_borrow() only in debug builds, and is erased in release builds.
    fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
        .tap_borrow_mut() only in debug builds, and is erased in release builds.
    fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
        .tap_ref() only in debug builds, and is erased in release builds.
    fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
        .tap_ref_mut() only in debug builds, and is erased in release builds.
    fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
        .tap_deref() only in debug builds, and is erased in release builds.