DOCSP-42150: CSFLE standardization (#102)

norareidy · web-flow · commit f8fbbf5e4a16 · 2025-02-10T15:49:16.000-05:00
* DOCSP-42150: CSFLE standardization

* edits

* code

* edits

* edits

* fix build errors

* SA feedback

* remove

* KA feedback

* link

* KA feedback 2
diff --git a/config/redirects b/config/redirects
@@ -27,7 +27,7 @@ raw: /docs/languages/cxx -> /docs/languages/cpp
 
 (v3.10-master]: ${prefix}/${version}/installation/ -> ${base}/${version}/get-started/
 (v3.10-master]: ${prefix}/${version}/configuration/ -> ${base}/${version}/security/
-(v3.10-master]: ${prefix}/${version}/client-side-encryption/ -> ${base}/${version}/security/client-side-encryption/
+(v3.10-master]: ${prefix}/${version}/client-side-encryption/ -> ${base}/${version}/security/in-use-encryption/
 (v3.10-master]: ${prefix}/${version}/tutorial/ -> ${base}/${version}/
 (v3.10-master]: ${prefix}/${version}/connection-pools/ -> ${base}/${version}/connect/connection-pools/
 (v3.10-master]: ${prefix}/${version}/working-with-bson/ -> ${base}/${version}/data-formats/working-with-bson/
diff --git a/source/include-link.txt b/source/include-link.txt
@@ -47,6 +47,7 @@ The examples on this page reference {+driver-short+} library targets. Examples i
 The availability of targets depends on the particular installation method.
 
 .. _cpp-include-cmake:
+
 CMake
 -----
 
@@ -83,8 +84,7 @@ After installing the {+driver-short+}, you can use CMake's ``find_package`` comm
 To use the ``find_package`` command, create a ``CMakeLists.txt`` file in your project directory. The following example creates a ``CMakeLists.txt`` file in the ``/home/user/project1`` project directory that uses ``find_package``:
 
 .. literalinclude:: /includes/cmake_with_driver_installation.txt
-  :caption: /home/user/project1/CMakeLists.txt
-  :start-after: -- sphinx-include-start --
+   :caption: /home/user/project1/CMakeLists.txt
 
 Then, run the following commands to build your project:
 
@@ -140,8 +140,7 @@ Alternatively, you can use CMake's ``add_subdirectory`` command without installi
 To use the ``add_subdirectory`` command, create a ``CMakeLists.txt`` file in your project directory. The following example creates a ``CMakeLists.txt`` file in the ``/home/user/project2`` project directory that uses ``add_subdirectory``:
 
 .. literalinclude:: /includes/cmake_without_driver_installation.txt
-  :caption: /home/user/project2/CMakeLists.txt
-  :start-after: -- sphinx-include-start --
+   :caption: /home/user/project2/CMakeLists.txt
 
 .. note::
 
@@ -190,6 +189,7 @@ The output resembles the following:
    members
 
 .. _cpp-include-pkg-config:
+
 pkg-config
 ----------
 
diff --git a/source/includes/csfle.cpp b/source/includes/csfle.cpp
@@ -0,0 +1,52 @@
+// start-auto-encrypt
+auto mongocryptd_options = make_document(kvp("mongocryptdBypassSpawn", true));
+
+options::auto_encryption auto_encrypt_opts{};
+auto_encrypt_opts.extra_options({mongocryptd_options.view()});
+
+options::client client_opts;
+client_opts.auto_encryption_opts(std::move(auto_encrypt_opts));
+
+// Create and use your client here
+// end-auto-encrypt
+
+// start-json-schema
+auto data_key_id = client_encryption.create_data_key("local");
+auto json_schema = document{} << "properties" << open_document << "encryptedFieldName" << open_document << "encrypt"
+                                << open_document << "keyId" << open_array << data_key_id << close_array << "bsonType"
+                                << "string"
+                                << "algorithm"
+                                << "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" << close_document << close_document
+                                << close_document << "bsonType"
+                                << "object" << finalize;
+// end-json-schema
+
+// start-explicit-encrypt
+// Configure your MongoDB client's encryption options here
+
+class client_encryption client_encryption(std::move(client_encryption_opts));
+
+auto data_key_id = client_encryption.create_data_key("local");
+options::encrypt encrypt_opts{};
+encrypt_opts.key_id(data_key_id.view());
+encrypt_opts.algorithm(options::encrypt::encryption_algorithm::k_deterministic);
+
+// Explicitly encrypts a BSON value
+auto to_encrypt = bsoncxx::types::bson_value::make_value("secret message");
+auto encrypted_message = client_encryption.encrypt(to_encrypt, encrypt_opts);
+
+// Explicitly decrypts a BSON value
+auto decrypted_message = client_encryption.decrypt(encrypted_message);
+
+// Inserts the encrypted value into the database
+coll.insert_one(make_document(kvp("encryptedField", encrypted_message)));
+// end-explicit-encrypt
+
+// start-auto-decrypt
+options::auto_encryption auto_encrypt_opts{};
+auto_encrypt_opts.bypass_auto_encryption(true);
+
+options::client client_opts{};
+client_opts.auto_encryption_opts(std::move(auto_encrypt_opts));
+class client client_encrypted {uri{}, std::move(client_opts)};
+// end-auto-decrypt
diff --git a/source/security.txt b/source/security.txt
@@ -25,7 +25,6 @@ Secure Your Data
    Authentication </security/authentication>
    Enterprise Authentication </security/enterprise-authentication>
    In-Use Encryption </security/in-use-encryption>
-   Client-Side Encryption </security/client-side-encryption>
 
 Overview
 --------
diff --git a/source/security/client-side-encryption.txt b/source/security/client-side-encryption.txt
diff --git a/source/security/in-use-encryption.txt b/source/security/in-use-encryption.txt
