mongodb 6.8.0-dev.20240628.sha.45bc0982 → 6.8.0-dev.20240702.sha.f48f8d36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/lib/client-side-encryption/auto_encrypter.js.map +1 -1
- package/lib/client-side-encryption/mongocryptd_manager.js +7 -3
- package/lib/client-side-encryption/mongocryptd_manager.js.map +1 -1
- package/mongodb.d.ts +1 -71
- package/package.json +1 -1
- package/src/client-side-encryption/auto_encrypter.ts +1 -79
- package/src/client-side-encryption/mongocryptd_manager.ts +9 -5
- package/tsconfig.json +2 -1
package/README.md
CHANGED
|
@@ -24,6 +24,12 @@ The official [MongoDB](https://www.mongodb.com/) driver for Node.js.
|
|
|
24
24
|
|
|
25
25
|
### Release Integrity
|
|
26
26
|
|
|
27
|
+
Releases are created automatically and signed using the [Node team's GPG key](https://pgp.mongodb.com/node-driver.asc). This applies to the git tag as well as all release packages provided as part of a GitHub release. To verify the provided packages, download the key and import it using gpg:
|
|
28
|
+
|
|
29
|
+
```shell
|
|
30
|
+
gpg --import node-driver.asc
|
|
31
|
+
```
|
|
32
|
+
|
|
27
33
|
The GitHub release contains a detached signature file for the NPM package (named
|
|
28
34
|
`mongodb-X.Y.Z.tgz.sig`).
|
|
29
35
|
|
|
@@ -39,6 +45,9 @@ To verify the integrity of the downloaded package, run the following command:
|
|
|
39
45
|
gpg --verify mongodb-X.Y.Z.tgz.sig mongodb-X.Y.Z.tgz
|
|
40
46
|
```
|
|
41
47
|
|
|
48
|
+
>[!Note]
|
|
49
|
+
No verification is done when using npm to install the package. The contents of the Github tarball and npm's tarball are identical.
|
|
50
|
+
|
|
42
51
|
### Bugs / Feature Requests
|
|
43
52
|
|
|
44
53
|
Think you’ve found a bug? Want to see a new feature in `node-mongodb-native`? Please open a
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auto_encrypter.js","sourceRoot":"","sources":["../../src/client-side-encryption/auto_encrypter.ts"],"names":[],"mappings":";;;;AAMA,kCAAgE;AAEhE,4CAA+C;AAC/C,kCAAqD;AACrD,oCAA6C;AAC7C,kDAAuE;AACvE,oCAAsD;AACtD,sDAAsD;AACtD,qCAA0D;AAC1D,+DAA2D;AAC3D,2CAAuE;AACvE,mDAAwE;
|
|
1
|
+
{"version":3,"file":"auto_encrypter.js","sourceRoot":"","sources":["../../src/client-side-encryption/auto_encrypter.ts"],"names":[],"mappings":";;;;AAMA,kCAAgE;AAEhE,4CAA+C;AAC/C,kCAAqD;AACrD,oCAA6C;AAC7C,kDAAuE;AACvE,oCAAsD;AACtD,sDAAsD;AACtD,qCAA0D;AAC1D,+DAA2D;AAC3D,2CAAuE;AACvE,mDAAwE;AAgGxE,cAAc;AACD,QAAA,yBAAyB,GAAG,MAAM,CAAC,MAAM,CAAC;IACrD,UAAU,EAAE,CAAC;IACb,KAAK,EAAE,CAAC;IACR,OAAO,EAAE,CAAC;IACV,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;CACA,CAAC,CAAC;AAiBZ;;;GAGG;AACH,MAAa,aAAa;IA4BxB,gBAAgB;IAChB,MAAM,CAAC,aAAa;QAClB,MAAM,UAAU,GAAG,IAAA,iCAA0B,GAAE,CAAC;QAChD,IAAI,cAAc,IAAI,UAAU,EAAE;YAChC,MAAM,UAAU,CAAC,YAAY,CAAC;SAC/B;QACD,OAAO,UAAU,CAAC,UAAU,CAAC;IAC/B,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+CG;IACH,YAAY,MAAmB,EAAE,OAA8B;QAnE/D;;;;;;;WAOG;QACH,QAAiB,GAAG,KAAK,CAAC;QA4DxB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,KAAK,IAAI,CAAC;QAE/D,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,IAAI,gBAAgB,CAAC;QACxE,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC;QACxD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC;QACxD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;QAEhD,MAAM,iBAAiB,GAAsB;YAC3C,eAAe;SAChB,CAAC;QACF,IAAI,OAAO,CAAC,SAAS,EAAE;YACrB,iBAAiB,CAAC,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC;gBAC9D,CAAC,CAAC,OAAO,CAAC,SAAS;gBACnB,CAAC,CAAE,IAAA,gBAAS,EAAC,OAAO,CAAC,SAAS,CAAY,CAAC;SAC9C;QAED,IAAI,OAAO,CAAC,kBAAkB,EAAE;YAC9B,iBAAiB,CAAC,kBAAkB,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,kBAAkB,CAAC;gBAChF,CAAC,CAAC,OAAO,CAAC,kBAAkB;gBAC5B,CAAC,CAAE,IAAA,gBAAS,EAAC,OAAO,CAAC,kBAAkB,CAAY,CAAC;SACvD;QAED,iBAAiB,CAAC,YAAY,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;YACnE,CAAC,CAAE,IAAA,gBAAS,EAAC,IAAI,CAAC,aAAa,CAAY;YAC3C,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC;QAEvB,IAAI,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE;YAC3B,iBAAiB,CAAC,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;SACnD;QAED,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,kBAAkB,EAAE;YACnE,iBAAiB,CAAC,kBAAkB,GAAG,OAAO,CAAC,YAAY,CAAC,kBAAkB,CAAC;SAChF;QAED,IAAI,OAAO,CAAC,mBAAmB,EAAE;YAC/B,iBAAiB,CAAC,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC;SACrE;QAED,IAAI,CAAC,gCAAgC,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;QAEhG,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,yBAAyB,EAAE;YAC1E,0BAA0B;YAC1B,iBAAiB,CAAC,yBAAyB,GAAG,OAAO,CAAC,YAAY,CAAC,yBAAyB,CAAC;SAC9F;aAAM,IAAI,CAAC,IAAI,CAAC,gCAAgC,EAAE;YACjD,iBAAiB,CAAC,yBAAyB,GAAG,CAAC,SAAS,CAAC,CAAC;SAC3D;QAED,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,EAAE,CAAC;QACjD,IAAI,CAAC,WAAW,GAAG,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QAEzB,IACE,OAAO,CAAC,YAAY;YACpB,OAAO,CAAC,YAAY,CAAC,sBAAsB;YAC3C,CAAC,IAAI,CAAC,yBAAyB,EAC/B;YACA,MAAM,IAAI,uCAA8B,CACtC,iEAAiE,CAClE,CAAC;SACH;QAED,oEAAoE;QACpE,kDAAkD;QAClD,IAAI,CAAC,IAAI,CAAC,gCAAgC,IAAI,CAAC,IAAI,CAAC,yBAAyB,EAAE;YAC7E,IAAI,CAAC,mBAAmB,GAAG,IAAI,wCAAkB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACxE,MAAM,aAAa,GAAuB;gBACxC,wBAAwB,EAAE,KAAK;aAChC,CAAC;YAEF,IAAI,OAAO,CAAC,YAAY,IAAI,IAAI,IAAI,OAAO,OAAO,CAAC,YAAY,CAAC,cAAc,KAAK,QAAQ,EAAE;gBAC3F,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC;aAC1B;YAED,IAAI,CAAC,kBAAkB,GAAG,IAAI,0BAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;SACxF;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,gCAAgC,IAAI,IAAI,CAAC,yBAAyB,EAAE;YAC3E,OAAO;SACR;QACD,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE;YAC7B,MAAM,IAAI,yBAAiB,CACzB,sHAAsH,CACvH,CAAC;SACH;QACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC5B,MAAM,IAAI,yBAAiB,CACzB,qHAAqH,CACtH,CAAC;SACH;QAED,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,WAAW,EAAE;YACzC,MAAM,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;SACxC;QAED,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC;YACvD,OAAO,MAAM,CAAC;SACf;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;YAC1B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,EAAE;gBAC/E,MAAM,IAAI,yBAAiB,CACzB,mGAAmG,EACnG,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;aACH;YACD,MAAM,KAAK,CAAC;SACb;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAc;QAC3B,MAAM,IAAI,CAAC,kBAAkB,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,EAAU,EACV,GAAa,EACb,UAA0B,EAAE;QAE5B,IAAI,IAAI,CAAC,iBAAiB,EAAE;YAC1B,8DAA8D;YAC9D,OAAO,GAAG,CAAC;SACZ;QAED,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,gBAAS,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAE3E,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,qBAAqB,CACpD,kCAA0B,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,EAAE,EAC5C,aAAa,CACd,CAAC;QAEF,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACpC,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;QAChB,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;QAEvB,MAAM,YAAY,GAAG,IAAI,4BAAY,CAAC;YACpC,aAAa,EAAE,KAAK;YACpB,YAAY,EAAE,KAAK;YACnB,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,UAAU,EAAE,IAAI,CAAC,WAAW;SAC7B,CAAC,CAAC;QAEH,OAAO,IAAA,kBAAW,EAAC,MAAM,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;YAC5D,aAAa,EAAE,KAAK;YACpB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,QAAoB,EAAE,UAA0B,EAAE;QAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAEjE,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAEpC,MAAM,YAAY,GAAG,IAAI,4BAAY,CAAC;YACpC,GAAG,OAAO;YACV,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,UAAU,EAAE,IAAI,CAAC,WAAW;SAC7B,CAAC,CAAC;QAEH,OAAO,MAAM,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACnD,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,oBAAoB;QACxB,OAAO,MAAM,IAAA,iCAAqB,EAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACzD,CAAC;IAED;;;;OAIG;IACH,IAAI,yBAAyB;QAC3B,OAAO,IAAI,CAAC,WAAW,CAAC,yBAAyB,CAAC;IACpD,CAAC;IAED,MAAM,KAAK,oBAAoB;QAC7B,OAAO,aAAa,CAAC,aAAa,EAAE,CAAC,oBAAoB,CAAC;IAC5D,CAAC;CACF;AAjSD,sCAiSC;KAvQE,2BAAe"}
|
|
@@ -8,14 +8,18 @@ const error_1 = require("../error");
|
|
|
8
8
|
*/
|
|
9
9
|
class MongocryptdManager {
|
|
10
10
|
constructor(extraOptions = {}) {
|
|
11
|
+
this.spawnPath = '';
|
|
12
|
+
this.spawnArgs = [];
|
|
11
13
|
this.uri =
|
|
12
14
|
typeof extraOptions.mongocryptdURI === 'string' && extraOptions.mongocryptdURI.length > 0
|
|
13
15
|
? extraOptions.mongocryptdURI
|
|
14
16
|
: MongocryptdManager.DEFAULT_MONGOCRYPTD_URI;
|
|
15
17
|
this.bypassSpawn = !!extraOptions.mongocryptdBypassSpawn;
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
18
|
+
if (Object.hasOwn(extraOptions, 'mongocryptdSpawnPath') && extraOptions.mongocryptdSpawnPath) {
|
|
19
|
+
this.spawnPath = extraOptions.mongocryptdSpawnPath;
|
|
20
|
+
}
|
|
21
|
+
if (Object.hasOwn(extraOptions, 'mongocryptdSpawnArgs') &&
|
|
22
|
+
Array.isArray(extraOptions.mongocryptdSpawnArgs)) {
|
|
19
23
|
this.spawnArgs = this.spawnArgs.concat(extraOptions.mongocryptdSpawnArgs);
|
|
20
24
|
}
|
|
21
25
|
if (this.spawnArgs
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mongocryptd_manager.js","sourceRoot":"","sources":["../../src/client-side-encryption/mongocryptd_manager.ts"],"names":[],"mappings":";;;AAEA,oCAAoD;AAGpD;;;GAGG;AACH,MAAa,kBAAkB;IAS7B,YAAY,eAA2C,EAAE;
|
|
1
|
+
{"version":3,"file":"mongocryptd_manager.js","sourceRoot":"","sources":["../../src/client-side-encryption/mongocryptd_manager.ts"],"names":[],"mappings":";;;AAEA,oCAAoD;AAGpD;;;GAGG;AACH,MAAa,kBAAkB;IAS7B,YAAY,eAA2C,EAAE;QAJzD,cAAS,GAAG,EAAE,CAAC;QACf,cAAS,GAAkB,EAAE,CAAC;QAI5B,IAAI,CAAC,GAAG;YACN,OAAO,YAAY,CAAC,cAAc,KAAK,QAAQ,IAAI,YAAY,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;gBACvF,CAAC,CAAC,YAAY,CAAC,cAAc;gBAC7B,CAAC,CAAC,kBAAkB,CAAC,uBAAuB,CAAC;QAEjD,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC,YAAY,CAAC,sBAAsB,CAAC;QAEzD,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,sBAAsB,CAAC,IAAI,YAAY,CAAC,oBAAoB,EAAE;YAC5F,IAAI,CAAC,SAAS,GAAG,YAAY,CAAC,oBAAoB,CAAC;SACpD;QACD,IACE,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,sBAAsB,CAAC;YACnD,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,oBAAoB,CAAC,EAChD;YACA,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;SAC3E;QACD,IACE,IAAI,CAAC,SAAS;aACX,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC;aACtC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,EAC7D;YACA,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;SACxD;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK;QACT,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,aAAa,CAAC;QAEhD,8DAA8D;QAC9D,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,eAAe,CAAmC,CAAC;QAE7E,gDAAgD;QAChD,sCAAsC;QACtC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE;YAC3C,KAAK,EAAE,QAAQ;YACf,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAC3B,qBAAqB;YACrB,kFAAkF;YAClF,yEAAyE;YACzE,8EAA8E;YAC9E,8EAA8E;YAC9E,iFAAiF;YACjF,iFAAiF;YACjF,yEAAyE;YACzE,iFAAiF;YACjF,6EAA6E;YAC7E,yFAAyF;YACzF,+EAA+E;YAC/E,+DAA+D;QACjE,CAAC,CAAC,CAAC;QAEH,+CAA+C;QAC/C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAI,EAAoB;QACvC,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,EAAE,EAAE,CAAC;YAC1B,OAAO,MAAM,CAAC;SACf;QAAC,OAAO,GAAG,EAAE;YACZ,8GAA8G;YAC9G,MAAM,WAAW,GAAG,GAAG,YAAY,gCAAwB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;YACjF,IAAI,CAAC,WAAW,EAAE;gBAChB,MAAM,GAAG,CAAC;aACX;SACF;QACD,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,MAAM,EAAE,EAAE,CAAC;QAC1B,OAAO,MAAM,CAAC;IAChB,CAAC;;AAxFM,0CAAuB,GAAG,2BAA2B,AAA9B,CAA+B;AADlD,gDAAkB"}
|
package/mongodb.d.ts
CHANGED
|
@@ -588,77 +588,7 @@ export declare interface AutoEncryptionOptions {
|
|
|
588
588
|
/** The namespace where keys are stored in the key vault */
|
|
589
589
|
keyVaultNamespace?: string;
|
|
590
590
|
/** Configuration options that are used by specific KMS providers during key generation, encryption, and decryption. */
|
|
591
|
-
kmsProviders?:
|
|
592
|
-
/** Configuration options for using 'aws' as your KMS provider */
|
|
593
|
-
aws?: {
|
|
594
|
-
/** The access key used for the AWS KMS provider */
|
|
595
|
-
accessKeyId: string;
|
|
596
|
-
/** The secret access key used for the AWS KMS provider */
|
|
597
|
-
secretAccessKey: string;
|
|
598
|
-
/**
|
|
599
|
-
* An optional AWS session token that will be used as the
|
|
600
|
-
* X-Amz-Security-Token header for AWS requests.
|
|
601
|
-
*/
|
|
602
|
-
sessionToken?: string;
|
|
603
|
-
} | Record<string, never>;
|
|
604
|
-
/** Configuration options for using 'local' as your KMS provider */
|
|
605
|
-
local?: {
|
|
606
|
-
/**
|
|
607
|
-
* The master key used to encrypt/decrypt data keys.
|
|
608
|
-
* A 96-byte long Buffer or base64 encoded string.
|
|
609
|
-
*/
|
|
610
|
-
key: Buffer | string;
|
|
611
|
-
};
|
|
612
|
-
/** Configuration options for using 'azure' as your KMS provider */
|
|
613
|
-
azure?: {
|
|
614
|
-
/** The tenant ID identifies the organization for the account */
|
|
615
|
-
tenantId: string;
|
|
616
|
-
/** The client ID to authenticate a registered application */
|
|
617
|
-
clientId: string;
|
|
618
|
-
/** The client secret to authenticate a registered application */
|
|
619
|
-
clientSecret: string;
|
|
620
|
-
/**
|
|
621
|
-
* If present, a host with optional port. E.g. "example.com" or "example.com:443".
|
|
622
|
-
* This is optional, and only needed if customer is using a non-commercial Azure instance
|
|
623
|
-
* (e.g. a government or China account, which use different URLs).
|
|
624
|
-
* Defaults to "login.microsoftonline.com"
|
|
625
|
-
*/
|
|
626
|
-
identityPlatformEndpoint?: string | undefined;
|
|
627
|
-
} | {
|
|
628
|
-
/**
|
|
629
|
-
* If present, an access token to authenticate with Azure.
|
|
630
|
-
*/
|
|
631
|
-
accessToken: string;
|
|
632
|
-
} | Record<string, never>;
|
|
633
|
-
/** Configuration options for using 'gcp' as your KMS provider */
|
|
634
|
-
gcp?: {
|
|
635
|
-
/** The service account email to authenticate */
|
|
636
|
-
email: string;
|
|
637
|
-
/** A PKCS#8 encrypted key. This can either be a base64 string or a binary representation */
|
|
638
|
-
privateKey: string | Buffer;
|
|
639
|
-
/**
|
|
640
|
-
* If present, a host with optional port. E.g. "example.com" or "example.com:443".
|
|
641
|
-
* Defaults to "oauth2.googleapis.com"
|
|
642
|
-
*/
|
|
643
|
-
endpoint?: string | undefined;
|
|
644
|
-
} | {
|
|
645
|
-
/**
|
|
646
|
-
* If present, an access token to authenticate with GCP.
|
|
647
|
-
*/
|
|
648
|
-
accessToken: string;
|
|
649
|
-
} | Record<string, never>;
|
|
650
|
-
/**
|
|
651
|
-
* Configuration options for using 'kmip' as your KMS provider
|
|
652
|
-
*/
|
|
653
|
-
kmip?: {
|
|
654
|
-
/**
|
|
655
|
-
* The output endpoint string.
|
|
656
|
-
* The endpoint consists of a hostname and port separated by a colon.
|
|
657
|
-
* E.g. "example.com:123". A port is always present.
|
|
658
|
-
*/
|
|
659
|
-
endpoint?: string;
|
|
660
|
-
};
|
|
661
|
-
};
|
|
591
|
+
kmsProviders?: KMSProviders;
|
|
662
592
|
/**
|
|
663
593
|
* A map of namespaces to a local JSON schema for encryption
|
|
664
594
|
*
|
package/package.json
CHANGED
|
@@ -26,85 +26,7 @@ export interface AutoEncryptionOptions {
|
|
|
26
26
|
/** The namespace where keys are stored in the key vault */
|
|
27
27
|
keyVaultNamespace?: string;
|
|
28
28
|
/** Configuration options that are used by specific KMS providers during key generation, encryption, and decryption. */
|
|
29
|
-
kmsProviders?:
|
|
30
|
-
/** Configuration options for using 'aws' as your KMS provider */
|
|
31
|
-
aws?:
|
|
32
|
-
| {
|
|
33
|
-
/** The access key used for the AWS KMS provider */
|
|
34
|
-
accessKeyId: string;
|
|
35
|
-
/** The secret access key used for the AWS KMS provider */
|
|
36
|
-
secretAccessKey: string;
|
|
37
|
-
/**
|
|
38
|
-
* An optional AWS session token that will be used as the
|
|
39
|
-
* X-Amz-Security-Token header for AWS requests.
|
|
40
|
-
*/
|
|
41
|
-
sessionToken?: string;
|
|
42
|
-
}
|
|
43
|
-
| Record<string, never>;
|
|
44
|
-
/** Configuration options for using 'local' as your KMS provider */
|
|
45
|
-
local?: {
|
|
46
|
-
/**
|
|
47
|
-
* The master key used to encrypt/decrypt data keys.
|
|
48
|
-
* A 96-byte long Buffer or base64 encoded string.
|
|
49
|
-
*/
|
|
50
|
-
key: Buffer | string;
|
|
51
|
-
};
|
|
52
|
-
/** Configuration options for using 'azure' as your KMS provider */
|
|
53
|
-
azure?:
|
|
54
|
-
| {
|
|
55
|
-
/** The tenant ID identifies the organization for the account */
|
|
56
|
-
tenantId: string;
|
|
57
|
-
/** The client ID to authenticate a registered application */
|
|
58
|
-
clientId: string;
|
|
59
|
-
/** The client secret to authenticate a registered application */
|
|
60
|
-
clientSecret: string;
|
|
61
|
-
/**
|
|
62
|
-
* If present, a host with optional port. E.g. "example.com" or "example.com:443".
|
|
63
|
-
* This is optional, and only needed if customer is using a non-commercial Azure instance
|
|
64
|
-
* (e.g. a government or China account, which use different URLs).
|
|
65
|
-
* Defaults to "login.microsoftonline.com"
|
|
66
|
-
*/
|
|
67
|
-
identityPlatformEndpoint?: string | undefined;
|
|
68
|
-
}
|
|
69
|
-
| {
|
|
70
|
-
/**
|
|
71
|
-
* If present, an access token to authenticate with Azure.
|
|
72
|
-
*/
|
|
73
|
-
accessToken: string;
|
|
74
|
-
}
|
|
75
|
-
| Record<string, never>;
|
|
76
|
-
/** Configuration options for using 'gcp' as your KMS provider */
|
|
77
|
-
gcp?:
|
|
78
|
-
| {
|
|
79
|
-
/** The service account email to authenticate */
|
|
80
|
-
email: string;
|
|
81
|
-
/** A PKCS#8 encrypted key. This can either be a base64 string or a binary representation */
|
|
82
|
-
privateKey: string | Buffer;
|
|
83
|
-
/**
|
|
84
|
-
* If present, a host with optional port. E.g. "example.com" or "example.com:443".
|
|
85
|
-
* Defaults to "oauth2.googleapis.com"
|
|
86
|
-
*/
|
|
87
|
-
endpoint?: string | undefined;
|
|
88
|
-
}
|
|
89
|
-
| {
|
|
90
|
-
/**
|
|
91
|
-
* If present, an access token to authenticate with GCP.
|
|
92
|
-
*/
|
|
93
|
-
accessToken: string;
|
|
94
|
-
}
|
|
95
|
-
| Record<string, never>;
|
|
96
|
-
/**
|
|
97
|
-
* Configuration options for using 'kmip' as your KMS provider
|
|
98
|
-
*/
|
|
99
|
-
kmip?: {
|
|
100
|
-
/**
|
|
101
|
-
* The output endpoint string.
|
|
102
|
-
* The endpoint consists of a hostname and port separated by a colon.
|
|
103
|
-
* E.g. "example.com:123". A port is always present.
|
|
104
|
-
*/
|
|
105
|
-
endpoint?: string;
|
|
106
|
-
};
|
|
107
|
-
};
|
|
29
|
+
kmsProviders?: KMSProviders;
|
|
108
30
|
/**
|
|
109
31
|
* A map of namespaces to a local JSON schema for encryption
|
|
110
32
|
*
|
|
@@ -12,8 +12,8 @@ export class MongocryptdManager {
|
|
|
12
12
|
|
|
13
13
|
uri: string;
|
|
14
14
|
bypassSpawn: boolean;
|
|
15
|
-
spawnPath
|
|
16
|
-
spawnArgs: Array<string
|
|
15
|
+
spawnPath = '';
|
|
16
|
+
spawnArgs: Array<string> = [];
|
|
17
17
|
_child?: ChildProcess;
|
|
18
18
|
|
|
19
19
|
constructor(extraOptions: AutoEncryptionExtraOptions = {}) {
|
|
@@ -24,9 +24,13 @@ export class MongocryptdManager {
|
|
|
24
24
|
|
|
25
25
|
this.bypassSpawn = !!extraOptions.mongocryptdBypassSpawn;
|
|
26
26
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
27
|
+
if (Object.hasOwn(extraOptions, 'mongocryptdSpawnPath') && extraOptions.mongocryptdSpawnPath) {
|
|
28
|
+
this.spawnPath = extraOptions.mongocryptdSpawnPath;
|
|
29
|
+
}
|
|
30
|
+
if (
|
|
31
|
+
Object.hasOwn(extraOptions, 'mongocryptdSpawnArgs') &&
|
|
32
|
+
Array.isArray(extraOptions.mongocryptdSpawnArgs)
|
|
33
|
+
) {
|
|
30
34
|
this.spawnArgs = this.spawnArgs.concat(extraOptions.mongocryptdSpawnArgs);
|
|
31
35
|
}
|
|
32
36
|
if (
|