- Reference >
mongo
Shell Methods >- Connection Methods >
- Mongo()
Mongo()¶
On this page
Description¶
Changed in version 4.2.
-
Mongo
(host, ClientSideFieldLevelEncryptionOptions)¶ JavaScript constructor to instantiate a database connection from the
mongo
shell or from a JavaScript file.The
Mongo()
method has the following parameters:Parameter Type Description host
string Optional. The host, either in the form of
<host>
or<host><:port>
.If omitted,
Mongo
instantiates a connection to the localhost interface on the default port27017
.ClientSideFieldLevelEncryptionOptions
Document Optional
New in version 4.2.
Configuration parameters for enabling Client-Side Field Level Encryption.
ClientSideFieldLevelEncryptionOptions
overrides the existing client-side field level encryption configuration of the database connection. If omitted,Mongo()
inherits the client-side field level encryption configuration of the current database connection.For documentation of usage and syntax, see ClientSideFieldLevelEncryptionOptions.
See also
ClientSideFieldLevelEncryptionOptions
¶
New in version 4.2.
The ClientSideFieldLevelEncryptionOptions
document specifies
configuration options for Client-Side Field Level Encryption.
If the database connection has an existing client-side field level
encryption configuration, specifying
ClientSideFieldLevelEncryptionOptions
overrides that configuration.
For example, starting the mongo
shell
with client-side field level encryption command-line options enables
client-side encryption for that connection. New database connections
created using Mongo()
inherit the encryption settings unless
Mongo()
includes ClientSideFieldLevelEncryptionOptions
.
The ClientSideFieldLevelEncryptionOptions
document has the following
syntax:
The ClientSideFieldLevelEncryptionOptions
document takes the
following parameters:
Parameter | Type | Description |
---|---|---|
keyVaultClient |
Mongo() connection object. |
(Optional) The MongoDB cluster hosting the key vault collection. Omit to use the current database connection as the key vault host. Specify a |
keyVaultNamespace |
string | (Required) The full namespace of the key vault collection. |
kmsProvider |
document | (Required) The Key Management Service (KMS) used by client-side field level encryption for managing a Customer Master Key (CMK). Client-side field level encryption uses the CMK for encrypting and decrypting data encryption keys. Client-side field level encryption either the Amazon Web Services KMS or a Locally Managed Key:
|
schemaMap |
document | (Optional) The automatic client-side field level encryption rules specified using the JSON schema Draft 4 standard syntax and encryption-specific keywords. For complete documentation, see Automatic Encryption Rules. |
bypassAutoEncryption |
boolean | (Optional) Specify true to bypass automatic client-side field
level encryption rules and perform explicit (manual) per-field
encryption. |
Example¶
Connect to a MongoDB Cluster¶
The following operation creates a new connection object from the
mongo
shell:
Issue operations against the cluster
object to interact with the
mymongo.example.net:27017
cluster:
Connect to a MongoDB Cluster with Client-Side Encryption Enabled¶
Configuring client-side field level encryption for a locally
managed key requires specifying a
base64-encoded 96-byte string with no line breaks. The following
operation generates a key that meets the stated requirements and loads
it into the mongo
shell:
The following operation creates a new connection object from the
mongo
shell. The
ClientSideFieldLevelEncryptionOptions option specifies
the required options for enabling client-side field level encryption
using a locally managed key:
Issue operations against the cluster
object to interact with the
mymongo.example.net:27017
cluster and perform explicit encryption:
See Client-Side Field Level Encryption Methods for a complete list of client-side field level encryption methods.
Connect to a MongoDB Cluster with Automatic Client-Side Encryption Enabled¶
Configuring client-side field level encryption for a locally
managed key requires specifying a
base64-encoded 96-byte string with no line breaks. The following
operation generates a key that meets the stated requirements and loads
it into the mongo
shell:
The following operation creates a new connection object from the
mongo
shell. The
ClientSideFieldLevelEncryptionOptions option specifies
the required options for enabling automatic client-side encryption on the hr.employees
collection:
Issue operations against the cluster
object to interact with the
mymongo.example.net:27017
cluster and utilize automatic encryption:
The specified automatic encryption rules encrypt the taxid
and
taxid-short
fields using the specified data encryption key and
algorithm. Only clients configured for the correct KMS and access to
the specified data encryption key can decrypt the field.
See Client-Side Field Level Encryption Methods for a complete list of client-side field level encryption methods.