/// <summary>
/// Builds a MongoClient with automatic client-side field level encryption (CSFLE) enabled
/// for the medical-records collection. Only the local KMS provider is wired up in this
/// version; any other <paramref name="kmsKeyLocation"/> leaves the provider map empty.
/// </summary>
/// <param name="kmsKeyLocation">Which key management service holds the customer master key.</param>
/// <param name="keyVaultNamespace">Collection in which the driver stores the encrypted data keys.</param>
/// <param name="schema">JSON schema naming the fields of the medical-records collection to encrypt.</param>
/// <returns>A client whose operations on the schema-mapped namespace are transparently encrypted.</returns>
private IMongoClient CreateAutoEncryptingClient(
    KmsKeyLocation kmsKeyLocation,
    CollectionNamespace keyVaultNamespace,
    BsonDocument schema)
{
    var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();

    // Local KMS: the master key is kept base64-encoded in the file at __localMasterKeyPath.
    // NOTE(review): a file-resident master key is typical for development; confirm that
    // production deployments use one of the cloud KMS providers instead.
    if (kmsKeyLocation == KmsKeyLocation.Local)
    {
        var masterKey = Convert.FromBase64String(File.ReadAllText(__localMasterKeyPath));
        kmsProviders["local"] = new Dictionary<string, object> { ["key"] = masterKey };
    }

    // Only the medical-records namespace is covered by automatic encryption.
    var schemaMap = new Dictionary<string, BsonDocument>
    {
        [_medicalRecordsNamespace.ToString()] = schema
    };

    // Specify location of mongocryptd binary, if necessary
    var extraOptions = new Dictionary<string, object>
    {
        // uncomment the following line if you are running mongocryptd manually
        // { "mongocryptdBypassSpawn", true }
    };

    // Attaching AutoEncryptionOptions is what turns an ordinary MongoClient into a CSFLE-enabled one.
    var clientSettings = MongoClientSettings.FromConnectionString(_connectionString);
    clientSettings.AutoEncryptionOptions = new AutoEncryptionOptions(
        keyVaultNamespace: keyVaultNamespace,
        kmsProviders: kmsProviders,
        schemaMap: schemaMap,
        extraOptions: extraOptions);

    return new MongoClient(clientSettings);
}
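/// <summary>
/// Builds a MongoClient with automatic client-side field level encryption (CSFLE) enabled
/// for the medical-records collection, using the KMS selected by <paramref name="kmsKeyLocation"/>.
/// </summary>
/// <param name="kmsKeyLocation">Which key management service holds the customer master key.</param>
/// <param name="keyVaultNamespace">Collection in which the driver stores the encrypted data keys.</param>
/// <param name="schema">JSON schema naming the fields of the medical-records collection to encrypt.</param>
/// <returns>A client whose operations on the schema-mapped namespace are transparently encrypted.</returns>
/// <exception cref="InvalidOperationException">A required KMS credential environment variable is unset or blank.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="kmsKeyLocation"/> is not a supported provider.</exception>
private IMongoClient CreateAutoEncryptingClient(
    KmsKeyLocation kmsKeyLocation,
    CollectionNamespace keyVaultNamespace,
    BsonDocument schema)
{
    var kmsProviders = BuildKmsProviders(kmsKeyLocation);

    // Only the medical-records namespace is covered by automatic encryption.
    var schemaMap = new Dictionary<string, BsonDocument>
    {
        { _medicalRecordsNamespace.ToString(), schema }
    };

    // Specify location of mongocryptd binary, if necessary
    var extraOptions = new Dictionary<string, object>()
    {
        // uncomment the following line if you are running mongocryptd manually
        // { "mongocryptdBypassSpawn", true }
    };

    // Attaching AutoEncryptionOptions is what turns an ordinary MongoClient into a CSFLE-enabled one.
    var clientSettings = MongoClientSettings.FromConnectionString(_connectionString);
    clientSettings.AutoEncryptionOptions = new AutoEncryptionOptions(
        keyVaultNamespace: keyVaultNamespace,
        kmsProviders: kmsProviders,
        schemaMap: schemaMap,
        extraOptions: extraOptions);

    return new MongoClient(clientSettings);
}

/// <summary>
/// Assembles the KMS provider credential map for the selected key location. Cloud provider
/// credentials are read from FLE_* environment variables rather than embedded in source; the
/// local provider reads its base64-encoded master key from <c>__localMasterKeyPath</c>.
/// Missing credentials fail fast here, naming the variable but never echoing its value, instead
/// of surfacing as an opaque error on the first KMS call.
/// </summary>
/// <param name="kmsKeyLocation">Which key management service holds the customer master key.</param>
/// <returns>A single-entry map keyed by provider name ("local", "aws", "azure" or "gcp").</returns>
/// <exception cref="InvalidOperationException">A required environment variable is unset or blank.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="kmsKeyLocation"/> is not handled.</exception>
private Dictionary<string, IReadOnlyDictionary<string, object>> BuildKmsProviders(KmsKeyLocation kmsKeyLocation)
{
    // Reads a required credential; the exception message carries only the variable name.
    string RequireEnvironmentVariable(string name)
    {
        var value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new InvalidOperationException(
                $"Environment variable '{name}' must be set to configure the {kmsKeyLocation} KMS provider.");
        }
        return value;
    }

    var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>();

    switch (kmsKeyLocation)
    {
        case KmsKeyLocation.Local:
            // NOTE(review): a file-resident master key is typical for development; confirm that
            // production deployments use one of the cloud KMS providers instead.
            var localMasterKeyBase64 = File.ReadAllText(__localMasterKeyPath);
            var localMasterKeyBytes = Convert.FromBase64String(localMasterKeyBase64);
            kmsProviders.Add("local", new Dictionary<string, object>
            {
                { "key", localMasterKeyBytes }
            });
            break;

        case KmsKeyLocation.AWS:
            kmsProviders.Add("aws", new Dictionary<string, object>
            {
                { "accessKeyId", RequireEnvironmentVariable("FLE_AWS_ACCESS_KEY") },
                { "secretAccessKey", RequireEnvironmentVariable("FLE_AWS_SECRET_ACCESS_KEY") }
            });
            break;

        case KmsKeyLocation.Azure:
            var azureKmsOptions = new Dictionary<string, object>
            {
                { "tenantId", RequireEnvironmentVariable("FLE_AZURE_TENANT_ID") },
                { "clientId", RequireEnvironmentVariable("FLE_AZURE_CLIENT_ID") },
                { "clientSecret", RequireEnvironmentVariable("FLE_AZURE_CLIENT_SECRET") },
            };
            // Optional, only needed if user is using a non-commercial Azure instance.
            // NOTE(review): the variable name below looks misspelled (IDENTIFY / ENPDOINT); it is
            // kept verbatim because renaming it would silently break deployments that set it —
            // confirm against the deployment configuration before changing.
            var azureIdentityPlatformEndpoint = Environment.GetEnvironmentVariable("FLE_AZURE_IDENTIFY_PLATFORM_ENPDOINT");
            if (azureIdentityPlatformEndpoint is not null)
            {
                azureKmsOptions.Add("identityPlatformEndpoint", azureIdentityPlatformEndpoint);
            }
            kmsProviders.Add("azure", azureKmsOptions);
            break;

        case KmsKeyLocation.GCP:
            kmsProviders.Add("gcp", new Dictionary<string, object>
            {
                { "privateKey", RequireEnvironmentVariable("FLE_GCP_PRIVATE_KEY") },
                { "email", RequireEnvironmentVariable("FLE_GCP_EMAIL") },
            });
            break;

        default:
            // An unhandled value previously produced an empty provider map and a confusing
            // failure later in the driver; reject it at the boundary instead.
            throw new ArgumentOutOfRangeException(nameof(kmsKeyLocation), kmsKeyLocation, "Unsupported KMS key location.");
    }

    return kmsProviders;
}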