MongoDB\Driver\ClientEncryption::rewrapManyDataKey

(mongodb >=1.15.0)

MongoDB\Driver\ClientEncryption::rewrapManyDataKey - Rewraps data keys

Description

final public MongoDB\Driver\ClientEncryption::rewrapManyDataKey(array|object $filter, ?array $options = null): object

Rewraps (i.e. decrypts and re-encrypts) zero or more data keys in the key vault collection that match the given filter.

If the "provider" option is not specified, matching data keys will be rewrapped with their current KMS provider. Otherwise, matching data keys will be re-encrypted according to the specified "provider" and "masterKey" options.

Parameters

filter (array|object)

The query predicate. An empty predicate will match all documents in the collection.

Note: When evaluating query criteria, MongoDB compares types and values according to its own comparison rules for BSON types, which differ from PHP's comparison and type juggling rules. When matching a special BSON type, the query criteria should use the respective BSON class (e.g. use MongoDB\BSON\ObjectID to match an ObjectID).

options

RewrapManyDataKey options
provider (string)

The KMS provider (e.g. "local", "aws") that will be used to re-encrypt the matched data keys.

If a KMS provider is not specified, matched data keys will be re-encrypted with their current KMS provider.

masterKey (array)

The masterKey identifies a KMS-specific key used to encrypt the new data key. This option should not be specified without the "provider" option. This option is required if "provider" is specified and not "local".

"aws" provider options

| Option | Type | Description |
| --- | --- | --- |
| region | string | Required. |
| key | string | Required. The Amazon Resource Name (ARN) to the AWS customer master key (CMK). |
| endpoint | string | Optional. An alternate host identifier to send KMS requests to. May include port number. |

"azure" provider options

| Option | Type | Description |
| --- | --- | --- |
| keyVaultEndpoint | string | Required. Host with optional port (e.g. "example.vault.azure.net"). |
| keyName | string | Required. |
| keyVersion | string | Optional. A specific version of the named key. Defaults to using the key's primary version. |

"gcp" provider options

| Option | Type | Description |
| --- | --- | --- |
| projectId | string | Required. |
| location | string | Required. |
| keyRing | string | Required. |
| keyName | string | Required. |
| keyVersion | string | Optional. A specific version of the named key. Defaults to using the key's primary version. |
| endpoint | string | Optional. Host with optional port. Defaults to "cloudkms.googleapis.com". |

"kmip" provider options

| Option | Type | Description |
| --- | --- | --- |
| keyId | string | Optional. Unique identifier to a 96-byte KMIP secret data managed object. If unspecified, the driver creates a random 96-byte KMIP secret data managed object. |
| endpoint | string | Optional. Host with optional port. |

Return Values

Returns an object, which will have an optional bulkWriteResult property containing the result of the internal bulkWrite operation as an object. If no data keys matched the filter or the write was unacknowledged, the bulkWriteResult property will be null.
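
The following is an added example, not part of the PHP manual page: it moves every data key currently wrapped by the "local" provider to an AWS KMS key, checks the "provider"/"masterKey" rules described above before writing, and handles the null bulkWriteResult case. The connection URI, key vault namespace, environment variable names, region, ARN and the checkRewrapOptions() helper are assumptions; the masterKey.provider filter field assumes the standard key vault document layout.

```php
<?php
// Added example, not from the PHP manual. URI, namespace, environment variable
// names, region and ARN are placeholders; checkRewrapOptions() is hypothetical.
use MongoDB\BSON\Binary;
use MongoDB\Driver\Manager;

// Enforce the documented option rules before any key vault write is attempted.
function checkRewrapOptions(?array $options): void
{
    $provider  = $options['provider'] ?? null;
    $masterKey = $options['masterKey'] ?? null;
    if ($provider === null && $masterKey !== null) {
        throw new InvalidArgumentException('"masterKey" must not be set without "provider"');
    }
    if ($provider !== null && $provider !== 'local' && $masterKey === null) {
        throw new InvalidArgumentException('"masterKey" is required for provider ' . $provider);
    }
}

// The local master key is 96 bytes; it is read from the environment, not hard-coded.
$localKey = base64_decode((string) getenv('LOCAL_MASTER_KEY'), true);
if ($localKey === false || strlen($localKey) !== 96) {
    throw new RuntimeException('LOCAL_MASTER_KEY must be 96 bytes, base64-encoded');
}

$manager = new Manager('mongodb://127.0.0.1:27017');
$clientEncryption = $manager->createClientEncryption([
    'keyVaultNamespace' => 'encryption.__keyVault',
    'kmsProviders' => [
        // Both providers are needed: "local" to decrypt, "aws" to re-encrypt.
        'local' => ['key' => new Binary($localKey, Binary::TYPE_GENERIC)],
        'aws' => ['accessKeyId' => (string) getenv('AWS_ACCESS_KEY_ID'),
                  'secretAccessKey' => (string) getenv('AWS_SECRET_ACCESS_KEY')],
    ],
]);

$filter  = ['masterKey.provider' => 'local']; // only keys still wrapped locally
$options = ['provider' => 'aws', 'masterKey' => [
    'region' => 'us-east-1',
    'key' => 'arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID',
]];
checkRewrapOptions($options);
$result = $clientEncryption->rewrapManyDataKey($filter, $options);

if (($result->bulkWriteResult ?? null) === null) {
    echo "No data keys matched the filter, or the write was unacknowledged\n";
} else {
    var_dump($result->bulkWriteResult); // result of the internal bulkWrite
}
```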

Errors/Exceptions