@@ -230,6 +230,57 @@ If you do not want to use the data keys created by Django MongoDB Backend (when
230230In this scenario, Django MongoDB Backend will use the newly created data keys
231231to create collections for models with encrypted fields.
232232
233+ Here is an example of how to configure the
234+ ``encrypted_fields_map `` in your Django settings:
235+
236+ .. code-block :: python
237+
238+ from pymongo.encryption_options import AutoEncryptionOpts
239+ from bson import json_util
240+
241+ DATABASES = {
242+ " encrypted"
243+ " ENGINE" " django_mongodb_backend"
244+ " HOST" " mongodb+srv://cluster0.example.mongodb.net"
245+ " NAME" " encrypted"
246+ " USER" " my_user"
247+ " PASSWORD" " my_password"
248+ " PORT" 27017 ,
249+ " OPTIONS"
250+ " auto_encryption_opts"
251+ key_vault_namespace = " encrypted.keyvault"
252+ kms_providers = {
253+ " aws"
254+ " accessKeyId" " your-access-key-id"
255+ " secretAccessKey" " your-secret-access-key"
256+ }
257+ },
258+ encrypted_fields_map = json_util.loads(
259+ """ {
260+ "encrypt_patient": {
261+ "fields": [
262+ {
263+ "bsonType": "string",
264+ "path": "patient_record.ssn",
265+ "keyId": {
266+ "$binary": {
267+ "base64": "2MA29LaARIOqymYHGmi2mQ==",
268+ "subType": "04"
269+ }
270+ },
271+ "queries": {
272+ "queryType": "equality"
273+ }
274+ },
275+ ]
276+ }
277+ }"""
278+ ),
279+ )
280+ },
281+ },
282+ }
283+
233284
234285===================================================
235286
@@ -240,25 +291,62 @@ to perform automatic encryption.
240291You can :ref: `download the shared library
241292<manual:qe-csfle-shared-library-download>` from the
242293:ref: `manual:enterprise-official-packages ` and configure it in your Django
243- settings as follows:
294+ settings using the ``crypt_shared_lib_path `` option in
295+ :class: `pymongo.encryption_options.AutoEncryptionOpts `. The following example
296+ shows how to configure the shared library in your Django settings:
244297
245298.. code-block :: python
246299
247- from django_mongodb_backend import parse_uri
248300 from pymongo.encryption_options import AutoEncryptionOpts
249301
250302 DATABASES = {
251- " encrypted"
252- DATABASE_URL ,
253- options = {
303+ " encrypted"
304+ " ENGINE" " django_mongodb_backend"
305+ " HOST" " mongodb+srv://cluster0.example.mongodb.net"
306+ " NAME" " encrypted"
307+ " USER" " my_user"
308+ " PASSWORD" " my_password"
309+ " PORT" 27017 ,
310+ " OPTIONS"
254311 " auto_encryption_opts"
255- key_vault_namespace = " keyvault.keyvault"
256- kms_providers = {" local" " key" 96 )}},
312+ key_vault_namespace = " encrypted.keyvault"
313+ kms_providers = {
314+ " aws"
315+ " accessKeyId" " your-access-key-id"
316+ " secretAccessKey" " your-secret-access-key"
317+ }
318+ },
319+ encrypted_fields_map = json_util.loads(
320+ """ {
321+ "encrypt_patient": {
322+ "fields": [
323+ {
324+ "bsonType": "string",
325+ "path": "patient_record.ssn",
326+ "keyId": {
327+ "$binary": {
328+ "base64": "2MA29LaARIOqymYHGmi2mQ==",
329+ "subType": "04"
330+ }
331+ },
332+ "queries": {
333+ "queryType": "equality"
334+ }
335+ },
336+ ]
337+ }
338+ }"""
339+ ),
257340 crypt_shared_lib_path = " /path/to/mongo_crypt_shared_v1.dylib"
258341 )
259342 },
260- db_name = " encrypted"
261- ),
343+ " KMS_CREDENTIALS"
344+ " aws"
345+ " key" " AWS_KEY_ARN" " "
346+ " region" " AWS_KEY_REGION" " "
347+ },
348+ },
349+ },
262350 }
263351
264352:doc: `start developing applications
0 commit comments