MongoDB\Driver\ClientEncryption::createDataKey

Parameters

kmsProvider

The KMS provider (e.g. "local", "aws", "azure", "gcp") that will be used to encrypt the new encryption key.

options

Data key options

Option	Type	Description
masterKey	array	The masterKey identifies a KMS-specific key used to encrypt the new data key. This option is required unless kmsProvider is "local". If kmsProvider is "aws", this option is required and has the following fields: AWS masterKey options Option Type Description region string Required. key string Required. The Amazon Resource Name (ARN) to the AWS customer master key (CMK). endpoint string Optional. An alternate host identifier to send KMS requests to. May include port number. If kmsProvider is "azure", this option is required and has the following fields: Azure masterKey options Option Type Description keyVaultEndpoint string Required. Host with optional port (e.g. "example.vault.azure.net"). keyName string Required. keyVersion string Optional. A specific version of the named key. Defaults to using the key's primary version. If kmsProvider is "gcp", this option is required and has the following fields: GCP masterKey options Option Type Description projectId string Required. location string Required. keyRing string Required. keyName string Required. keyVersion string Optional. A specific version of the named key. Defaults to using the key's primary version. endpoint string Optional. Host with optional port. Defaults to "cloudkms.googleapis.com".
keyAltNames	array	An optional list of string alternate names used to reference a key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.