mongoc_client_encryption_opts_set_tls_opts -
SYNOPSIS PARAMETERS AUTHOR COPYRIGHTSYNOPSIS
void
mongoc_client_encryption_opts_set_tls_opts (
mongoc_client_encryption_opts_t *opts, const bson_t
*tls_opts);
PARAMETERS
|
• |
opts: The mongoc_client_encryption_opts_t | ||
|
• |
tls_opts: A bson_t mapping a Key Management Service (KMS) provider to a BSON document with TLS options. |
tls_opts is a BSON document of the following form:
<KMS
provider>: {
tlsCaFile: Optional<String>
tlsCertificateKeyFile: Optional<String>
tlsCertificateKeyFilePassword: Optional<String>
}
KMS providers are specified as a string of the form <KMS provider type> or <KMS provider type>:<KMS provider name>. The supported KMS provider types are aws, azure, gcp, local, and kmip. The optional name enables configuring multiple KMS providers with the same KMS provider type (e.g. aws:name1 and aws:name2 can refer to different AWS accounts).
tls_opts maps the KMS provider to a BSON document for TLS options.
The BSON document for TLS options may contain the following keys:
|
• |
MONGOC_URI_TLSCERTIFICATEKEYFILE |
|||
|
• |
MONGOC_URI_TLSCERTIFICATEKEYFILEPASSWORD |
|||
|
• |
MONGOC_URI_TLSCAFILE |
Example use
mongoc_client_encryption_opts_t
*ce_opts = mongoc_client_encryption_opts_new ();
bson_t *tls_opts = bson_new ();
BCON_APPEND
(tls_opts, "kmip", "{",
MONGOC_URI_TLSCAFILE, "ca1.pem", "}");
BCON_APPEND (tls_opts, "aws", "{",
MONGOC_URI_TLSCAFILE, "ca2.pem", "}");
mongoc_client_encryption_opts_set_tls_opts (ce_opts,
tls_opts);
See Configuring TLS for a description of the behavior of these options.
SEE ALSO:
In−Use Encryption
AUTHOR
MongoDB, Inc
COPYRIGHT
2017-present, MongoDB, Inc