MotorClientEncryption
¶
-
class
motor.motor_tornado.
MotorClientEncryption
(kms_providers, key_vault_namespace, key_vault_client, codec_options, io_loop=None)¶ Explicit client-side field level encryption.
Takes the same constructor arguments as
pymongo.encryption.ClientEncryption
, as well as:Parameters: - io_loop (optional): Special event loop instance to use instead of default.
-
coroutine
close
()¶ Release resources.
Note that using this class in a with-statement will automatically call
close()
:async with AsyncIOMotorClientEncryption(...) as client_encryption: encrypted = await client_encryption.encrypt(value, ...) decrypted = await client_encryption.decrypt(encrypted)
-
coroutine
create_data_key
(kms_provider, master_key=None, key_alt_names=None)¶ Create and insert a new data key into the key vault collection.
Takes the same arguments as
pymongo.encryption.ClientEncryption.create_data_key
, with only the following slight difference using async syntax. The following example shows creating and referring to a data key by alternate name:await client_encryption.create_data_key("local", keyAltNames=["name1"]) # reference the key with the alternate name await client_encryption.encrypt("457-55-5462", keyAltName="name1", algorithm=Algorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random)
-
coroutine
decrypt
(value)¶ Decrypt an encrypted value.
Parameters: - value (Binary): The encrypted value, a
Binary
with subtype 6.
Returns: The decrypted BSON value.
- value (Binary): The encrypted value, a
-
coroutine
encrypt
(value, algorithm, key_id=None, key_alt_name=None)¶ Encrypt a BSON value with a given key and algorithm.
Note that exactly one of
key_id
orkey_alt_name
must be provided.Parameters: - value: The BSON value to encrypt.
- algorithm (string): The encryption algorithm to use. See
Algorithm
for some valid options. - key_id: Identifies a data key by
_id
which must be aBinary
with subtype 4 (UUID_SUBTYPE
). - key_alt_name: Identifies a key vault document by ‘keyAltName’.
Returns: The encrypted value, a
Binary
with subtype 6.