mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-15 08:28:54 +00:00
Document support for AWS and GCP KMS providers
https://jira.mongodb.org/browse/PHPC-1684
This commit is contained in:
parent
e819dffaf9
commit
a034564b4a
4 changed files with 178 additions and 7 deletions
|
@ -2452,10 +2452,10 @@ used.</para>'>
|
|||
<entry><type>array</type></entry>
|
||||
<entry>
|
||||
<para>
|
||||
A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Currently <literal>aws</literal> or <literal>local</literal> are supported and at least one must be specified.
|
||||
A document containing the configuration for one or more KMS providers, which are used to encrypt data keys. Currently <literal>"aws"</literal>, <literal>"azure"</literal>, <literal>"gcp"</literal>, and <literal>"local"</literal> are supported and at least one must be specified.
|
||||
</para>
|
||||
<para>
|
||||
The format for <literal>aws</literal> is as follows:
|
||||
The format for <literal>"aws"</literal> is as follows:
|
||||
</para>
|
||||
<programlisting role="javascript">
|
||||
<![CDATA[
|
||||
|
@ -2466,7 +2466,34 @@ aws: {
|
|||
]]>
|
||||
</programlisting>
|
||||
<para>
|
||||
The format for <literal>local</literal> is as follows:
|
||||
The format for <literal>"azure"</literal> is as follows:
|
||||
</para>
|
||||
<programlisting role="javascript">
|
||||
<![CDATA[
|
||||
azure: {
|
||||
tenantId: <string>,
|
||||
clientId: <string>,
|
||||
clientSecret: <string>,
|
||||
identityPlatformEndpoint: <optional string> // Defaults to "login.microsoftonline.com"
|
||||
|
||||
}
|
||||
]]>
|
||||
</programlisting>
|
||||
<para>
|
||||
The format for <literal>"gcp"</literal> is as follows:
|
||||
</para>
|
||||
<programlisting role="javascript">
|
||||
<![CDATA[
|
||||
aws: {
|
||||
email: <string>,
|
||||
privateKey: <MongoDB\BSON\Binary with subtype 0>,
|
||||
endpoint: <optional string> // Defaults to "oauth2.googleapis.com"
|
||||
|
||||
}
|
||||
]]>
|
||||
</programlisting>
|
||||
<para>
|
||||
The format for <literal>"local"</literal> is as follows:
|
||||
</para>
|
||||
<programlisting role="javascript">
|
||||
<![CDATA[
|
||||
|
|
|
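Review bot: the GCP listing opens with `aws: {` where it should read `gcp: {`; as written it repeats the aws key, and a reader copying the snippet would end up configuring an aws provider with `email`/`privateKey` fields that the aws provider does not take. Both new listings also carry a stray blank line before the closing `}`. Since `clientSecret` and `privateKey` are long-lived credentials for the KMS that wraps every data key, consider adding one sentence saying these values should be injected from the environment or a secret store rather than written into application configuration.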
@ -26,8 +26,10 @@
|
|||
<term><parameter>kmsProvider</parameter></term>
|
||||
<listitem>
|
||||
<para>
|
||||
The KMS provider (<literal>"local"</literal> or <literal>"aws"</literal>) that
|
||||
will be used to encrypt the new encryption key.
|
||||
The KMS provider (e.g. <literal>"local"</literal>,
|
||||
<literal>"aws"</literal>, <literal>"azure"</literal>,
|
||||
<literal>"gcp"</literal>) that will be used to encrypt the new encryption
|
||||
key.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
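Review bot: "e.g." makes the provider list look open-ended, while the kmsProviders documentation touched in this same change enumerates exactly "local", "aws", "azure" and "gcp"; write "one of" instead so the reader knows any other value is not accepted.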
@ -53,8 +55,12 @@
|
|||
<entry>
|
||||
<para>
|
||||
The masterKey identifies a KMS-specific key used to encrypt the new
|
||||
data key. If the kmsProvider is <literal>aws</literal> it is
|
||||
required and has the following fields:
|
||||
data key. This option is required unless
|
||||
<parameter>kmsProvider</parameter> is <literal>"local"</literal>.
|
||||
</para>
|
||||
<para>
|
||||
If <parameter>kmsProvider</parameter> is <literal>"aws"</literal>,
|
||||
this option is required and has the following fields:
|
||||
<table>
|
||||
<title>AWS masterKey options</title>
|
||||
<tgroup cols="3">
|
||||
|
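Review bot: the new sentence says masterKey is required unless kmsProvider is "local", but does not say what happens when it is supplied together with "local" (ignored or rejected); state that explicitly, since the replaced text only covered the aws case and the following paragraphs each restate the "required" rule per provider without covering "local".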
@ -85,6 +91,87 @@
|
|||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
<para>
|
||||
If <parameter>kmsProvider</parameter> is <literal>"azure"</literal>,
|
||||
this option is required and has the following fields:
|
||||
<table>
|
||||
<title>Azure masterKey options</title>
|
||||
<tgroup cols="3">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>Option</entry>
|
||||
<entry>Type</entry>
|
||||
<entry>Description</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>keyVaultEndpoint</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Required. Host with optional port (e.g. "example.vault.azure.net").</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>keyName</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Required.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>keyVersion</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Optional. A specific version of the named key. Defaults to using the key's primary version.</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
<para>
|
||||
If <parameter>kmsProvider</parameter> is <literal>"gcp"</literal>,
|
||||
this option is required and has the following fields:
|
||||
<table>
|
||||
<title>GCP masterKey options</title>
|
||||
<tgroup cols="3">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>Option</entry>
|
||||
<entry>Type</entry>
|
||||
<entry>Description</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>projectId</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Required.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>location</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Required.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>keyRing</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Required.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>keyName</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Required.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>keyVersion</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Optional. A specific version of the named key. Defaults to using the key's primary version.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>endpoint</entry>
|
||||
<entry>string</entry>
|
||||
<entry>Optional. Host with optional port. Defaults to "cloudkms.googleapis.com".</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
|
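Review bot: in the GCP table, projectId, location, keyRing and keyName are documented only as "Required.", while the Azure keyVaultEndpoint row gives an example host and the GCP endpoint row gives a default; add a short example value for each (a region-style location, and key ring and key names as they appear in the key's Cloud KMS resource name) so a reader can map the fields to an existing key. It would also help to say that keyVaultEndpoint and endpoint take a bare host with optional port and no URL scheme, which the "example.vault.azure.net" example implies but the description does not state.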
@ -123,6 +210,31 @@
|
|||
<member>Throws <classname>MongoDB\Driver\Exception\EncryptionException</classname> if an error occurs while creating the data key</member>
|
||||
</simplelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="changelog">
|
||||
&reftitle.changelog;
|
||||
<para>
|
||||
<informaltable>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>&Version;</entry>
|
||||
<entry>&Description;</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>PECL mongodb 1.10.0</entry>
|
||||
<entry>
|
||||
Azure and GCP are now supported as KMS providers for client-side
|
||||
encryption.
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
||||
|
||||
|
|
|
@ -965,6 +965,12 @@ mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][
|
|||
<para>
|
||||
Added the <literal>"disableClientPersistence"</literal> driver option.
|
||||
</para>
|
||||
<para>
|
||||
Azure and GCP are now supported as KMS providers for client-side
|
||||
encryption and may be configured in the
|
||||
<literal>"kmsProviders"</literal> field of the
|
||||
<literal>"autoEncryption"</literal> driver option.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
|
|
|
@ -63,6 +63,32 @@
|
|||
</simplelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="changelog">
|
||||
&reftitle.changelog;
|
||||
<para>
|
||||
<informaltable>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>&Version;</entry>
|
||||
<entry>&Description;</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>PECL mongodb 1.10.0</entry>
|
||||
<entry>
|
||||
Azure and GCP are now supported as KMS providers for client-side
|
||||
encryption and may be configured in the
|
||||
<literal>"kmsProviders"</literal> option.
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
&reftitle.seealso;
|
||||
<simplelist>
|
||||
|
|