Method: Mongo::ClientEncryption#initialize

Defined in:
lib/mongo/client_encryption.rb

#initialize(key_vault_client, options = {}) ⇒ ClientEncryption

Create a new ClientEncryption object with the provided options.

Parameters:

  • key_vault_client (Mongo::Client)

    A Mongo::Client that is connected to the MongoDB instance where the key vault collection is stored.

  • options (Hash) (defaults to: {})

    The ClientEncryption options.

Options Hash (options):

  • :key_vault_namespace (String)

    The name of the key vault collection in the format “database.collection”.

  • :kms_providers (Hash)

    A hash of key management service configuration information. @see Mongo::Crypt::KMS::Credentials for list of options for every supported provider. @note There may be more than one KMS provider specified.

  • :kms_tls_options (Hash)

    TLS options to connect to KMS providers. Keys of the hash should be KSM provider names; values should be hashes of TLS connection options. The options are equivalent to TLS connection options of Mongo::Client. @see Mongo::Client#initialize for list of TLS options.

  • :timeout_ms (Integer)

    The operation timeout in milliseconds. Must be a non-negative integer. An explicit value of 0 means infinite. The default value is unset which means the feature is disabled.

Raises:

  • (ArgumentError)

    If required options are missing or incorrectly formatted.



49
50
51
52
53
54
55
56
 
# File 'lib/mongo/client_encryption.rb', line 49

def initialize(key_vault_client, options = {})
  @encrypter = Crypt::ExplicitEncrypter.new(
    key_vault_client,
    options[:key_vault_namespace],
    Crypt::KMS::Credentials.new(options[:kms_providers]),
    Crypt::KMS::Validations.validate_tls_options(options[:kms_tls_options])
  )
end