MotorClientEncryption¶
-
class
motor.motor_tornado.MotorClientEncryption(kms_providers, key_vault_namespace, key_vault_client, codec_options, io_loop=None)¶ Explicit client-side field level encryption.
Takes the same constructor arguments as
pymongo.encryption.ClientEncryption, as well as:Parameters: - io_loop (optional): Special event loop instance to use instead of default.
-
coroutine
close()¶ Release resources.
Note that using this class in a with-statement will automatically call
close():async with AsyncIOMotorClientEncryption(...) as client_encryption: encrypted = await client_encryption.encrypt(value, ...) decrypted = await client_encryption.decrypt(encrypted)
-
coroutine
create_data_key(kms_provider, master_key=None, key_alt_names=None)¶ Create and insert a new data key into the key vault collection.
Takes the same arguments as
pymongo.encryption.ClientEncryption.create_data_key, with only the following slight difference using async syntax. The following example shows creating and referring to a data key by alternate name:await client_encryption.create_data_key("local", keyAltNames=["name1"]) # reference the key with the alternate name await client_encryption.encrypt("457-55-5462", keyAltName="name1", algorithm=Algorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random)
-
coroutine
decrypt(value)¶ Decrypt an encrypted value.
Parameters: - value (Binary): The encrypted value, a
Binarywith subtype 6.
Returns: The decrypted BSON value.
- value (Binary): The encrypted value, a
-
coroutine
encrypt(value, algorithm, key_id=None, key_alt_name=None)¶ Encrypt a BSON value with a given key and algorithm.
Note that exactly one of
key_idorkey_alt_namemust be provided.Parameters: - value: The BSON value to encrypt.
- algorithm (string): The encryption algorithm to use. See
Algorithmfor some valid options. - key_id: Identifies a data key by
_idwhich must be aBinarywith subtype 4 (UUID_SUBTYPE). - key_alt_name: Identifies a key vault document by ‘keyAltName’.
Returns: The encrypted value, a
Binarywith subtype 6.