[Encryption] Add autoEncryption configuration to the client
#889
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GromNaN
force-pushed
the
fix-kms-xsd-docs-alignment
branch
3 times, most recently
from
9d2e2ba to
60cc9c2
Compare
GromNaN
force-pushed
the
fix-kms-xsd-docs-alignment
branch
3 times, most recently
from
1f7c5cd to
d7472e8
Compare
GromNaN
force-pushed
the
fix-kms-xsd-docs-alignment
branch
from
2bf901b to
751082b
Compare
GromNaN
force-pushed
the
fix-kms-xsd-docs-alignment
branch
from
751082b to
46d9784
Compare
Member
Author
|
This is not complete as we don't inject the |
alcaeus
reviewed
Jun 17, 2025
docs/config.rst
Outdated
| bypassAutoEncryption: false # Disables auto-encryption | ||
| keyVaultClient: null # Service ID of a MongoDB\Driver\Manager for the key vault | ||
| keyVaultNamespace: null # The namespace for the key vault collection (e.g., "encryption.__keyVault") | ||
| kmsProviders: [] # Configuration for Key Management System providers (see specific examples above) |
Member
There was a problem hiding this comment.
This should be kmsProvider since we're only accepting a single provider at this time.
docs/config.rst
Outdated
| 'bypassAutoEncryption' => false, // Disables auto-encryption | ||
| 'keyVaultClient' => null, // Service ID of a MongoDB\Driver\Manager for the key vault | ||
| 'keyVaultNamespace' => null, // The namespace for the key vault collection (e.g., "encryption.__keyVault") | ||
| 'kmsProviders' => [ // Configuration for Key Management System providers |
Member
There was a problem hiding this comment.
Single KMS provider here as well
docs/encryption.rst
Outdated
Comment on lines
30
to
32
| kmsProviders: | ||
| local: | ||
| key: "YOUR_BASE64_KEY" |
docs/encryption.rst
Outdated
Comment on lines
45
to
49
| 'kmsProviders' => [ | ||
| 'local' => [ | ||
| 'key' => 'YOUR_BASE64_KEY', | ||
| ], | ||
| ], |
| ]); | ||
| }; | ||
| Supported KMS Providers |
Member
There was a problem hiding this comment.
Do we want to duplicate the full list here? If so, we may want to properly explain the individual options required for each KMS provider and where to obtain them.
Member
Author
There was a problem hiding this comment.
I removed the duplicated list and added a link to https://www.php.net/manual/en/mongodb-driver-manager.construct.php
| Queryable Encryption (QE) | ||
| ------------------------- | ||
|
|
||
| Queryable Encryption (QE) allows you to run queries on encrypted fields. To use QE, you may need to provide an ``encryptedFieldsMap`` or use a schema map, depending on your driver and use case. |
Member
There was a problem hiding this comment.
We can adapt this to mention the dump command I'm working on
GromNaN
changed the title
autoEncryption configuration to the clientautoEncryption configuration to the client
GromNaN
merged commit bd5212a
into
doctrine:feature/queryable-encryption
1 check passed
GromNaN
added a commit
that referenced
this pull request
Aug 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduce the configuration of the
autoEncryptiondriver option in order to support automatic Client Side Field Level Encryption.This requires a MongoDB Atlas or Entreprise cluster.