(mongodb >=1.7.0)
MongoDB\Driver\ClientEncryption::createDataKey — Create a new encryption data key
$kmsProvider
[, array $options
] ) : MongoDB\BSON\BinaryCreates a new key document and inserts it into the key vault collection.
kmsProvider
The KMS provider ("local" or "aws") that will be used to encrypt the new encryption key.
options
Option | Type | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
masterKey | array |
The masterKey identifies a KMS-specific key used to encrypt the new data key. If the kmsProvider is aws it is required and has the following fields:
|
||||||||||||
keyAltNames | array |
An optional list of string alternate names used to reference a key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id. |
Returns the identifier of the new key as a MongoDB\BSON\Binary object with subtype 4 (UUID).