MongoDB\Driver\ClientEncryption::createDataKey

(mongodb >=1.7.0)

MongoDB\Driver\ClientEncryption::createDataKey — Create a new encryption data key

Description

final public MongoDB\Driver\ClientEncryption::createDataKey ( string $kmsProvider [, array $options ] ) : MongoDB\BSON\Binary

Creates a new key document and inserts it into the key vault collection.

Parameters

kmsProvider

The KMS provider ("local" or "aws") that will be used to encrypt the new encryption key.

options

Option Type Description

masterKey

array

The masterKey identifies a KMS-specific key used to encrypt the new data key. If the kmsProvider is aws it is required and has the following fields:

**AWS masterKey options**
Option	Type	Description
region	string	Required.
key	string	Required. The Amazon Resource Name (ARN) to the AWS customer master key (CMK).
endpoint	string	Optional. An alternate host identifier to send KMS requests to. May include port number.

keyAltNames

array

An optional list of string alternate names used to reference a key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.

Return Values

Returns the identifier of the new key as a MongoDB\BSON\Binary object with subtype 4 (UUID).

Errors/Exceptions

Throws MongoDB\Driver\Exception\InvalidArgumentException on argument parsing errors.
Throws MongoDB\Driver\Exception\EncryptionException if an error occurs while creating the data key