-Specific MongoClient Options¶

On this page

Overview
Example

Overview¶

View information about the ()-specific configuration options for MongoClient instances.

Pass an ```` object to your MongoClient instance to specify -specific options.

The following table describes the structure of an ```` object:

Parameter	Type	Required	Description
`keyVaultClient`	`MongoClient`	No	A `MongoClient` instance configured to connect to the MongoDB instance hosting your . If you omit the `keyVaultClient` option, the MongoDB instance specified to your `MongoClient` instance containing the ```` configuration is used as the host of your . To learn more about s, see s.
`keyVaultNamespace`	String	Yes	The full namespace of the .
`kmsProviders`	Object	Yes	The (KMS) used by for managing your s (CMKs). To learn more about `kmsProviders` objects, see KMS Providers. To learn more about s, see Keys and Key Vaults.
`tlsOptions`	Object	No	An object that maps provider names to TLS configuration options. To learn more about TLS options see: TLS Options. To learn more about TLS see: TLS/SSL (Transport Encryption).
`schemaMap`	Object	No	An encryption schema. To learn how to construct an encryption schema, see Encryption Schemas. For complete documentation of encryption schemas, see Encryption Schemas.
`bypassAutoEncryption`	Boolean	No	Specify `true` to bypass automatic rules and perform . `bypassAutoEncryption` does not disable automatic decryption. To learn more about this option, see Automatic Decryption.

Example¶

To view a code-snippet demonstrating how to use ```` to configure your MongoClient instance, select the tab corresponding to your driver:

copy

var autoEncryptionOpts =
{
   "keyVaultNamespace" : "<database>.<collection>",
   "kmsProviders" : { ... },
   "schemaMap" : { ... }
}

cluster = Mongo(
  "<Your Connection String>",
  autoEncryptionOpts
);

Tip

Environment Variables

If possible, consider defining the credentials provided in kmsProviders as environment variables, and then passing them to mongosh using the --eval option. This minimizes the chances of credentials leaking into logs.

copy

fle_opts = AutoEncryptionOpts(
  kms_providers,
  key_vault_namespace,
  schema_map=patient_schema,
  **extra_options
)
client = MongoClient(connection_string, auto_encryption_opts=fle_opts)

copy

MongoClientSettings clientSettings = MongoClientSettings.builder()
    .applyConnectionString(new ConnectionString("mongodb://localhost:27017"))
    .autoEncryptionSettings(AutoEncryptionSettings.builder()
        .keyVaultNamespace(keyVaultNamespace)
        .kmsProviders(kmsProviders)
        .schemaMap(schemaMap)
        .extraOptions(extraOptions)
        .build())
    .build();

MongoClient mongoClient = MongoClients.create(clientSettings);

copy

const secureClient = new MongoClient(connectionString, {
  useNewUrlParser: true,
  useUnifiedTopology: true,
  monitorCommands: true,
  autoEncryption: {
    keyVaultNamespace,
    kmsProviders,
    schemaMap: patientSchema,
    extraOptions: extraOptions,
  },
});

copy

var clientSettings = MongoClientSettings.FromConnectionString(_connectionString);
var autoEncryptionOptions = new AutoEncryptionOptions(
    keyVaultNamespace: keyVaultNamespace,
    kmsProviders: kmsProviders,
    schemaMap: schemaMap,
    extraOptions: extraOptions);
clientSettings.AutoEncryptionOptions = autoEncryptionOptions;
var client = new MongoClient(clientSettings);

copy

autoEncryptionOpts := options.AutoEncryption().
	SetKmsProviders(provider.Credentials()).
	SetKeyVaultNamespace(keyVaultNamespace).
	SetSchemaMap(schemaMap).
	SetExtraOptions(extraOptions)
client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI(uri).SetAutoEncryptionOptions(autoEncryptionOpts))

← Supported Operations for Automatic Encryption KMS Providers →