MongoDB\Driver\ClientEncryption::createDataKey

(mongodb >=1.7.0)

MongoDB\Driver\ClientEncryption::createDataKey - Create a new encryption data key

Description

final public MongoDB\Driver\ClientEncryption::createDataKey ( string $kmsProvider [, array $options ] ) : MongoDB\BSON\Binary

Creates a new key document and inserts it into the key vault collection.

Parameters

kmsProvider

The KMS provider ("local" or "aws") that will be used to encrypt the new encryption key.

options

Data key options
Option Type Description
masterKey array

The masterKey identifies a KMS-specific key used to encrypt the new data key. If the kmsProvider is "aws", masterKey is required and has the following fields:

AWS masterKey options
Option Type Description
region string Required.
key string Required. The Amazon Resource Name (ARN) to the AWS customer master key (CMK).
endpoint string Optional. An alternate host identifier to send KMS requests to. May include port number.

keyAltNames array

An optional list of string alternate names used to reference a key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.

Return Values

Returns the identifier of the new key as a MongoDB\BSON\Binary object with subtype 4 (UUID).
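
The following is an added example, not part of the original manual page: it creates an AWS-wrapped data key with an alternate name and first puts a partial unique index on keyAltNames in the key vault, so the "unique alternate name" is enforced by the server. The connection URI, environment variable names, key vault namespace, index name, alternate name and ARN are placeholder assumptions.

```php
<?php
// Added example. The URI, key vault namespace, alt name and ARN are placeholders.
use MongoDB\BSON\Binary;
use MongoDB\Driver\Command;
use MongoDB\Driver\Manager;

$accessKeyId = getenv('AWS_ACCESS_KEY_ID');
$secretAccessKey = getenv('AWS_SECRET_ACCESS_KEY');
if ($accessKeyId === false || $secretAccessKey === false) {
    exit("AWS credentials must be supplied through the environment\n");
}
$manager = new Manager(getenv('MONGODB_URI') ?: 'mongodb://127.0.0.1:27017');
[$vaultDb, $vaultColl] = ['encryption', '__keyVault'];

// Enforce uniqueness of keyAltNames server-side, so a name can never resolve
// to two different data keys. The partial filter skips keys without alt names.
$manager->executeCommand($vaultDb, new Command([
    'createIndexes' => $vaultColl,
    'indexes' => [[
        'name' => 'keyAltNames_unique',
        'key' => ['keyAltNames' => 1],
        'unique' => true,
        'partialFilterExpression' => ['keyAltNames' => ['$exists' => true]],
    ]],
]));

$clientEncryption = $manager->createClientEncryption([
    'keyVaultNamespace' => $vaultDb . '.' . $vaultColl,
    'kmsProviders' => ['aws' => [
        'accessKeyId' => $accessKeyId,
        'secretAccessKey' => $secretAccessKey,
    ]],
]);

try {
    $keyId = $clientEncryption->createDataKey('aws', [
        'masterKey' => [
            'region' => 'us-east-1',
            'key' => 'arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID',
        ],
        'keyAltNames' => ['customer-pii'],
    ]);
} catch (MongoDB\Driver\Exception\Exception $e) {
    // Covers KMS errors and key vault write errors (e.g. a duplicate alt name).
    exit('createDataKey failed: ' . $e->getMessage() . "\n");
}
// The returned identifier is a UUID (Binary subtype 4); log the id, never key material.
assert($keyId->getType() === Binary::TYPE_UUID);
printf("created data key %s\n", bin2hex($keyId->getData()));
```

The AWS credentials used here only need permission to encrypt and decrypt with the referenced CMK; keeping them out of source and scoping them to that key limits what a leaked application config exposes.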

Errors/Exceptions