MONGOC_CLIENT_ENCRYPTION_OPTS_SET_TLS_OPTS

NAME

mongoc_client_encryption_opts_set_tls_opts - mongoc_client_encryption_opts_set_tls_opts()

SYNOPSIS

void
mongoc_client_encryption_opts_set_tls_opts (
mongoc_client_encryption_opts_t *opts, const bson_t *tls_opts);

PARAMETERS

	•		opts: The mongoc_client_encryption_opts_t
	•		tls_opts: A bson_t mapping a Key Management Service (KMS) provider name to a BSON document with TLS options.

tls_opts is a BSON document of the following form:

<KMS provider name>: {
tlsCaFile: Optional<String>
tlsCertificateKeyFile: Optional<String>
tlsCertificateKeyFilePassword: Optional<String>
}

The KMS providers aws, azure, gcp, and kmip are supported as keys in the tls_opts document.

tls_opts maps the KMS provider name to a BSON document for TLS options.

The BSON document for TLS options may contain the following keys:

	•		MONGOC_URI_TLSCERTIFICATEKEYFILE
	•		MONGOC_URI_TLSCERTIFICATEKEYFILEPASSWORD
	•		MONGOC_URI_TLSCAFILE

Example use

mongoc_client_encryption_opts_t *ce_opts =
mongoc_client_encryption_opts_new ();
bson_t *tls_opts = bson_new ();

BCON_APPEND (tls_opts, "kmip", "{", MONGOC_URI_TLSCAFILE, "ca1.pem", "}");
BCON_APPEND (tls_opts, "aws", "{", MONGOC_URI_TLSCAFILE, "ca2.pem", "}");
mongoc_client_encryption_opts_set_tls_opts (ce_opts, tls_opts);

See Configuring TLS for a description of the behavior of these options.

SEE ALSO:

The guide for Using Client-Side Field Level Encryption

AUTHOR

MongoDB, Inc

COPYRIGHT

2017-present, MongoDB, Inc