MCPcopy Index your code
hub / github.com/mongodb/mongo-python-driver / AutoEncryptionOpts

Class AutoEncryptionOpts

pymongo/encryption_options.py:55–268  ·  view source on GitHub ↗

Options to configure automatic client-side field level encryption.

Source from the content-addressed store, hash-verified

53
54
55class AutoEncryptionOpts:
56 """Options to configure automatic client-side field level encryption."""
57
58 def __init__(
59 self,
60 kms_providers: Mapping[str, Any],
61 key_vault_namespace: str,
62 key_vault_client: Optional[_AgnosticMongoClient] = None,
63 schema_map: Optional[Mapping[str, Any]] = None,
64 bypass_auto_encryption: bool = False,
65 mongocryptd_uri: str = "mongodb://localhost:27020",
66 mongocryptd_bypass_spawn: bool = False,
67 mongocryptd_spawn_path: str = "mongocryptd",
68 mongocryptd_spawn_args: Optional[list[str]] = None,
69 kms_tls_options: Optional[Mapping[str, Any]] = None,
70 crypt_shared_lib_path: Optional[str] = None,
71 crypt_shared_lib_required: bool = False,
72 bypass_query_analysis: bool = False,
73 encrypted_fields_map: Optional[Mapping[str, Any]] = None,
74 key_expiration_ms: Optional[int] = None,
75 ) -> None:
76 """Options to configure automatic client-side field level encryption.
77
78 Automatic client-side field level encryption requires MongoDB >=4.2
79 enterprise or a MongoDB >=4.2 Atlas cluster. Automatic encryption is not
80 supported for operations on a database or view and will result in
81 error.
82
83 Although automatic encryption requires MongoDB >=4.2 enterprise or a
84 MongoDB >=4.2 Atlas cluster, automatic *decryption* is supported for all
85 users. To configure automatic *decryption* without automatic
86 *encryption* set ``bypass_auto_encryption=True``. Explicit
87 encryption and explicit decryption is also supported for all users
88 with the :class:`~pymongo.asynchronous.encryption.AsyncClientEncryption` and :class:`~pymongo.encryption.ClientEncryption` classes.
89
90 See `client-side field level encryption <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/security/in-use-encryption/#client-side-field-level-encryption>`_ for an example.
91
92 :param kms_providers: Map of KMS provider options. The `kms_providers`
93 map values differ by provider:
94
95 - `aws`: Map with "accessKeyId" and "secretAccessKey" as strings.
96 These are the AWS access key ID and AWS secret access key used
97 to generate KMS messages. An optional "sessionToken" may be
98 included to support temporary AWS credentials.
99 - `azure`: Map with "tenantId", "clientId", and "clientSecret" as
100 strings. Additionally, "identityPlatformEndpoint" may also be
101 specified as a string (defaults to 'login.microsoftonline.com').
102 These are the Azure Active Directory credentials used to
103 generate Azure Key Vault messages.
104 - `gcp`: Map with "email" as a string and "privateKey"
105 as `bytes` or a base64 encoded string.
106 Additionally, "endpoint" may also be specified as a string
107 (defaults to 'oauth2.googleapis.com'). These are the
108 credentials used to generate Google Cloud KMS messages.
109 - `kmip`: Map with "endpoint" as a host with required port.
110 For example: ``{"endpoint": "example.com:443"}``.
111 - `local`: Map with "key" as `bytes` (96 bytes in length) or
112 a base64 encoded string which decodes

Calls

no outgoing calls