Scroll to navigation

MONGOC_AUTO_ENCRYPTION_OPTS_SET_SCHEMA_MAP(3) libmongoc MONGOC_AUTO_ENCRYPTION_OPTS_SET_SCHEMA_MAP(3)

SYNOPSIS

void
mongoc_auto_encryption_opts_set_schema_map (mongoc_auto_encryption_opts_t *opts,


                                            const bson_t *schema_map);


PARAMETERS

  • opts: The mongoc_auto_encryption_opts_t
  • schema_map: A bson_t where keys are collection namespaces and values are JSON schemas.

Supplying a schema map provides more security than relying on JSON Schemas obtained from the server. It protects against a malicious server advertising a false JSON Schema, which could trick the client into sending unencrypted data that should be encrypted.

Schemas supplied in the schema map only apply to configuring automatic encryption for Client-Side Field Level Encryption. Other validation rules in the JSON schema will not be enforced by the driver and will result in an error.

The following is an example of a schema map which configures automatic encryption for the collection db.coll:

{


     "db.coll": {


         "properties": {


         "encrypted_string": {


             "encrypt": {


             "keyId": [


                 {


                 "$binary": {


                     "base64": "AAAAAAAAAAAAAAAAAAAAAA==",


                     "subType": "04"


                 }


                 }


             ],


             "bsonType": "string",


             "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"


             }


         }


         },


         "bsonType": "object"


     }


 }


The schema map does not apply to collections encrypted with: Queryable Encryption. Use mongoc_auto_encryption_opts_set_encrypted_fields_map() instead.

SEE ALSO:

mongoc_client_enable_auto_encryption()

In-Use Encryption



AUTHOR

MongoDB, Inc

COPYRIGHT

2017-present, MongoDB, Inc

February 25, 2024 1.26.0