@@ -627,85 +627,11 @@ Otherwise you will get a *auth failed* exception.
627627
628628~~~~~~~~~~~~~~~~~~~~~~~~~~~~
629629
630- The MongoDB driver supports receiving a stream context to set SSL and logging
631- options. This can be used to authenticate using SSL certificates. To do so,
632- create a service that creates your logging context:
630+ The MongoDB driver supports receiving a stream context to set SSL and logging options. This can be used to authenticate using SSL certificates.
633631
634- .. configuration-block ::
635-
636- .. code-block :: yaml
637-
638- services :
639- # ...
640-
641- app.mongodb.context_service :
642- class : ' resource'
643- factory : ' stream_context_create'
644- arguments :
645- - { ssl: { verify_expiry: true } }
646-
647- code-block :: php
648-
649- use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
650-
651- return static function (ContainerConfigurator $container): void {
652- $container->services()
653- ->set('app.mongodb.context_service', 'resource')
654- ->factory('stream_context_create')
655- ->args([
656- ['ssl' => ['verify_expiry' => true]],
657- ])
658- ;
659- };
660-
661- class `` option is not used when creating the service, but has to be
662- provided for the service definition to be valid.
663-
664- You can then use this service in your configuration:
665-
666- .. configuration-block ::
667-
668- .. code-block :: yaml
669-
670- doctrine_mongodb :
671- # ...
672- connections :
673- default :
674- server : " mongodb://localhost:27017"
675- driver_options :
676- context : " app.mongodb.context_service"
677-
678- code-block :: xml
679-
680- <?xml version =" 1.0"
681-
682- <container xmlns =" http://symfony.com/schema/dic/services"
683- xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
684- xmlns : doctrine =" http://symfony.com/schema/dic/doctrine/odm/mongodb"
685- xsi : schemaLocation =" http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd
686- http://symfony.com/schema/dic/doctrine/odm/mongodb https://symfony.com/schema/dic/doctrine/odm/mongodb/mongodb-1.0.xsd" >
632+ .. seealso ::
687633
688- <doctrine : mongodb >
689- <doctrine : connection id =" default" server =" mongodb://localhost:27017"
690- <doctrine : driver-options
691- context =" app.mongodb.context_service"
692- >
693- </doctrine : options >
694- </doctrine : connection >
695- </doctrine : mongodb >
696- </container >
697-
698- code-block :: php
699-
700- use Symfony\Config\DoctrineMongodbConfig;
701-
702- return static function (DoctrineMongodbConfig $config): void {
703- $config->connection('default')
704- ->server('mongodb://localhost:27017')
705- ->driverOptions([
706- 'context' => 'app.mongodb.context_service',
707- ]);
708- };
634+ For full documentation and configuration examples for Client-Side Field-Level Encryption (CSFLE) and Queryable Encryption (QE), see :doc: `csfle_qe `
709635
710636Full Default Configuration
711637--------------------------
@@ -781,6 +707,32 @@ Full Default Configuration
781707 wTimeoutMS : ~
782708 driver_options :
783709 context : ~ # stream context to use for connection
710+ autoEncryption : # Options for client-side field-level encryption
711+ bypassAutoEncryption : false # Disables auto-encryption
712+ keyVaultClient : null # Service ID of a MongoDB\Driver\Manager for the key vault
713+ keyVaultNamespace : null # The namespace for the key vault collection (e.g., "encryption.__keyVault")
714+ kmsProviders : [] # Configuration for Key Management System providers (see specific examples above)
715+ # e.g., local: { key: "YOUR_BASE64_KEY" }
716+ # e.g., aws: { accessKeyId: "...", secretAccessKey: "..." }
717+ schemaMap : [] # Document schemas for explicit encryption
718+ encryptedFieldsMap : [] # Map of collections to their encrypted fields configuration
719+ extraOptions : [] # Extra options for mongocryptd
720+ # mongocryptdURI: "mongodb://localhost:27020"
721+ # mongocryptdBypassSpawn: false
722+ # mongocryptdSpawnPath: "/usr/local/bin/mongocryptd"
723+ # mongocryptdSpawnArgs: ["--idleShutdownTimeoutSecs=60"]
724+ # cryptSharedLibPath: null # Path to the crypt_shared library
725+ # cryptSharedLibRequired: false # If true, fails if the crypt_shared library cannot be loaded
726+ bypassQueryAnalysis : false # Disables automatic analysis of read and write operations for encryption
727+ tlsOptions : # TLS options for the Key Vault client (if keyVaultClient is not specified)
728+ tlsCAFile : null # Path to CA file, e.g., /path/to/key-vault-ca.pem
729+ tlsCertificateKeyFile : null # Path to client cert/key file, e.g., /path/to/key-vault-client.pem
730+ tlsCertificateKeyFilePassword : null # Password for client cert/key file
731+ tlsAllowInvalidCertificates : false # Bypass server certificate validation (use with caution)
732+ tlsAllowInvalidHostnames : false # Bypass server hostname validation (use with caution)
733+ tlsDisableCertificateRevocationCheck : false # Disable CRL checks
734+ tlsDisableOCSPEndpointCheck : false # Disable OCSP checks
735+ tlsInsecure : false # Allow invalid/no server cert (use with extreme caution)
784736
785737 proxy_namespace : MongoDBODMProxies
786738 proxy_dir : " %kernel.cache_dir%/doctrine/odm/mongodb/Proxies"
@@ -909,6 +861,32 @@ Full Default Configuration
909861 ->server('mongodb://localhost')
910862 ->driverOptions([
911863 'context' => null, // stream context to use for connection
864+ 'autoEncryption' => [ // Options for client-side field-level encryption
865+ 'bypassAutoEncryption' => false, // Disables auto-encryption
866+ 'keyVaultClient' => null, // Service ID of a MongoDB\Driver\Manager for the key vault
867+ 'keyVaultNamespace' => null, // The namespace for the key vault collection (e.g., "encryption.__keyVault")
868+ 'kmsProviders' => [ // Configuration for Key Management System providers
869+ // e.g., 'local' => ['key' => 'YOUR_BASE64_KEY'],
870+ // e.g., 'aws' => ['accessKeyId' => '...', 'secretAccessKey' => '...'],
871+ ],
872+ 'schemaMap' => [], // Document schemas for explicit encryption
873+ 'encryptedFieldsMap' => [], // Map of collections to their encrypted fields configuration
874+ 'extraOptions' => [ // Extra options for mongocryptd
875+ // 'cryptSharedLibPath' => null, // Path to the crypt_shared library
876+ // 'cryptSharedLibRequired' => false, // If true, fails if the crypt_shared library cannot be loaded
877+ ],
878+ 'bypassQueryAnalysis' => false, // Disables automatic analysis of read and write operations for encryption
879+ 'tlsOptions' => [ // TLS options for the Key Vault client (if keyVaultClient is not specified)
880+ // 'tlsCAFile' => null, // Path to CA file, e.g., /path/to/key-vault-ca.pem
881+ // 'tlsCertificateKeyFile' => null, // Path to client cert/key file, e.g., /path/to/key-vault-client.pem
882+ // 'tlsCertificateKeyFilePassword' => null, // Password for client cert/key file
883+ // 'tlsAllowInvalidCertificates' => false, // Bypass server certificate validation (use with caution)
884+ // 'tlsAllowInvalidHostnames' => false, // Bypass server hostname validation (use with caution)
885+ // 'tlsDisableCertificateRevocation' => false, // Disable CRL checks
886+ // 'tlsDisableOCSPEndpointCheck' => false, // Disable OCSP checks
887+ // 'tlsInsecure' => false, // Allow invalid/no server cert (use with extreme caution)
888+ ],
889+ ],
912890 ])
913891 ->options([
914892 'authMechanism' => null,
0 commit comments