class motor.motor_tornado.MotorClientEncryption(kms_providers, key_vault_namespace, key_vault_client, codec_options, io_loop=None)

Explicit client-side field level encryption.

Takes the same constructor arguments as pymongo.encryption.ClientEncryption, as well as:

  • io_loop (optional): Special event loop instance to use instead of default.
coroutine close()

Release resources.

Note that using this class in a with-statement will automatically call close():

async with AsyncIOMotorClientEncryption(...) as client_encryption:
    encrypted = await client_encryption.encrypt(value, ...)
    decrypted = await client_encryption.decrypt(encrypted)
coroutine create_data_key(kms_provider, master_key=None, key_alt_names=None)

Create and insert a new data key into the key vault collection.

Takes the same arguments as pymongo.encryption.ClientEncryption.create_data_key, with only the following slight difference using async syntax. The following example shows creating and referring to a data key by alternate name:

await client_encryption.create_data_key("local", keyAltNames=["name1"])
# reference the key with the alternate name
await client_encryption.encrypt("457-55-5462", keyAltName="name1",
coroutine decrypt(value)

Decrypt an encrypted value.

  • value (Binary): The encrypted value, a Binary with subtype 6.

The decrypted BSON value.

coroutine encrypt(value, algorithm, key_id=None, key_alt_name=None)

Encrypt a BSON value with a given key and algorithm.

Note that exactly one of key_id or key_alt_name must be provided.

  • value: The BSON value to encrypt.
  • algorithm (string): The encryption algorithm to use. See Algorithm for some valid options.
  • key_id: Identifies a data key by _id which must be a Binary with subtype 4 ( UUID_SUBTYPE).
  • key_alt_name: Identifies a key vault document by ‘keyAltName’.

The encrypted value, a Binary with subtype 6.