MCPcopy Index your code
hub / github.com/mongodb/mongo-python-driver / __init__

Method __init__

pymongo/encryption_options.py:58–258  ·  view source on GitHub ↗

Options to configure automatic client-side field level encryption. Automatic client-side field level encryption requires MongoDB >=4.2 enterprise or a MongoDB >=4.2 Atlas cluster. Automatic encryption is not supported for operations on a database or view and will result in

(
        self,
        kms_providers: Mapping[str, Any],
        key_vault_namespace: str,
        key_vault_client: Optional[_AgnosticMongoClient] = None,
        schema_map: Optional[Mapping[str, Any]] = None,
        bypass_auto_encryption: bool = False,
        mongocryptd_uri: str = "mongodb://localhost:27020",
        mongocryptd_bypass_spawn: bool = False,
        mongocryptd_spawn_path: str = "mongocryptd",
        mongocryptd_spawn_args: Optional[list[str]] = None,
        kms_tls_options: Optional[Mapping[str, Any]] = None,
        crypt_shared_lib_path: Optional[str] = None,
        crypt_shared_lib_required: bool = False,
        bypass_query_analysis: bool = False,
        encrypted_fields_map: Optional[Mapping[str, Any]] = None,
        key_expiration_ms: Optional[int] = None,
    )

Source from the content-addressed store, hash-verified

56 """Options to configure automatic client-side field level encryption."""
57
58 def __init__(
59 self,
60 kms_providers: Mapping[str, Any],
61 key_vault_namespace: str,
62 key_vault_client: Optional[_AgnosticMongoClient] = None,
63 schema_map: Optional[Mapping[str, Any]] = None,
64 bypass_auto_encryption: bool = False,
65 mongocryptd_uri: str = "mongodb://localhost:27020",
66 mongocryptd_bypass_spawn: bool = False,
67 mongocryptd_spawn_path: str = "mongocryptd",
68 mongocryptd_spawn_args: Optional[list[str]] = None,
69 kms_tls_options: Optional[Mapping[str, Any]] = None,
70 crypt_shared_lib_path: Optional[str] = None,
71 crypt_shared_lib_required: bool = False,
72 bypass_query_analysis: bool = False,
73 encrypted_fields_map: Optional[Mapping[str, Any]] = None,
74 key_expiration_ms: Optional[int] = None,
75 ) -> None:
76 """Options to configure automatic client-side field level encryption.
77
78 Automatic client-side field level encryption requires MongoDB >=4.2
79 enterprise or a MongoDB >=4.2 Atlas cluster. Automatic encryption is not
80 supported for operations on a database or view and will result in
81 error.
82
83 Although automatic encryption requires MongoDB >=4.2 enterprise or a
84 MongoDB >=4.2 Atlas cluster, automatic *decryption* is supported for all
85 users. To configure automatic *decryption* without automatic
86 *encryption* set ``bypass_auto_encryption=True``. Explicit
87 encryption and explicit decryption is also supported for all users
88 with the :class:`~pymongo.asynchronous.encryption.AsyncClientEncryption` and :class:`~pymongo.encryption.ClientEncryption` classes.
89
90 See `client-side field level encryption <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/security/in-use-encryption/#client-side-field-level-encryption>`_ for an example.
91
92 :param kms_providers: Map of KMS provider options. The `kms_providers`
93 map values differ by provider:
94
95 - `aws`: Map with "accessKeyId" and "secretAccessKey" as strings.
96 These are the AWS access key ID and AWS secret access key used
97 to generate KMS messages. An optional "sessionToken" may be
98 included to support temporary AWS credentials.
99 - `azure`: Map with "tenantId", "clientId", and "clientSecret" as
100 strings. Additionally, "identityPlatformEndpoint" may also be
101 specified as a string (defaults to 'login.microsoftonline.com').
102 These are the Azure Active Directory credentials used to
103 generate Azure Key Vault messages.
104 - `gcp`: Map with "email" as a string and "privateKey"
105 as `bytes` or a base64 encoded string.
106 Additionally, "endpoint" may also be specified as a string
107 (defaults to 'oauth2.googleapis.com'). These are the
108 credentials used to generate Google Cloud KMS messages.
109 - `kmip`: Map with "endpoint" as a host with required port.
110 For example: ``{"endpoint": "example.com:443"}``.
111 - `local`: Map with "key" as `bytes` (96 bytes in length) or
112 a base64 encoded string which decodes
113 to 96 bytes. "key" is the master key used to encrypt/decrypt
114 data keys. This key should be generated and stored as securely
115 as possible.

Callers

nothing calls this directly

Calls 3

ConfigurationErrorClass · 0.90
validate_is_mappingFunction · 0.90
check_min_pymongocryptFunction · 0.85

Tested by

no test coverage detected