code

mongodb · Feb 4, 2025 · addb4dc · addb4dc
1 parent 1755b3e
commit addb4dc
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 54 deletions.
diff --git a/source/includes/csfle.cpp b/source/includes/csfle.cpp
@@ -0,0 +1,56 @@
+// start-auto-encrypt
+auto mongocryptd_options = make_document(kvp("mongocryptdBypassSpawn", true));
+
+options::auto_encryption auto_encrypt_opts{};
+auto_encrypt_opts.extra_options({mongocryptd_options.view()});
+
+options::client client_opts;
+client_opts.auto_encryption_opts(std::move(auto_encrypt_opts));
+
+// Create and use your client here
+// end-auto-encrypt
+
+// start-json-schema
+auto data_key_id = client_encryption.create_data_key("local");
+auto json_schema = document{} << "properties" << open_document << "encryptedFieldName" << open_document << "encrypt"
+                                << open_document << "keyId" << open_array << data_key_id << close_array << "bsonType"
+                                << "string"
+                                << "algorithm"
+                                << "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" << close_document << close_document
+                                << close_document << "bsonType"
+                                << "object" << finalize;
+// end-json-schema
+
+// start-explicit-encrypt
+// Configure your MongoDB client here
+
+auto kms_providers = document{} << "local" << open_document << "key"
+                                << local_master_key << close_document
+                                << finalize;
+
+options::client_encryption client_encryption_opts{};
+client_encryption_opts.key_vault_namespace({"keyvault", "datakeys"});
+client_encryption_opts.kms_providers(kms_providers.view());
+client_encryption_opts.key_vault_client(&client);
+
+class client_encryption client_encryption(std::move(client_encryption_opts));
+
+// Explicitly encrypts a BSON value
+auto to_encrypt = bsoncxx::types::bson_value::make_value("secret message");
+auto encrypted_message = client_encryption.encrypt(to_encrypt, encrypt_opts);
+
+// Explicitly decrypts a BSON value
+auto decrypted_message = client_encryption.decrypt(encrypted_message);
+
+// Inserts the encrypted value into the database
+coll.insert_one(make_document(kvp("encryptedField", encrypted_message)));
+// end-explicit-encrypt
+
+// start-auto-decrypt
+options::auto_encryption auto_encrypt_opts{};
+auto_encrypt_opts.bypass_auto_encryption(true);
+
+options::client client_opts{};
+client_opts.auto_encryption_opts(std::move(auto_encrypt_opts));
+class client client_encrypted {uri{}, std::move(client_opts)};
+// end-auto-decrypt
diff --git a/source/security/in-use-encryption.txt b/source/security/in-use-encryption.txt
@@ -127,17 +127,11 @@ Then, pass these options to your client in a ``client_opts`` instance.
 The following code shows how to start the ``mongocryptd`` binary separately
 from the driver:
 
-.. code-block:: cpp
-
-   auto mongocryptd_options = make_document(kvp("mongocryptdBypassSpawn", true));
-
-   options::auto_encryption auto_encrypt_opts{};
-   auto_encrypt_opts.extra_options({mongocryptd_options.view()});
-
-   options::client client_opts;
-   client_opts.auto_encryption_opts(std::move(auto_encrypt_opts));
-
-   // Create and use your client here
+.. literalinclude:: /includes/csfle.cpp
+   :language: cpp
+   :copyable: true
+   :start-after: // start-auto-encrypt
+   :end-before: // end-auto-encrypt
 
 Set an Encryption Schema
 ````````````````````````
@@ -160,16 +154,11 @@ encryption options to use.
 
 The following code shows the syntax for specifying a JSON Schema document:
 
-.. code-block:: cpp
-
-   auto data_key_id = client_encryption.create_data_key("local");
-   auto json_schema = document{} << "properties" << open_document << "encryptedFieldName" << open_document << "encrypt"
-                                 << open_document << "keyId" << open_array << data_key_id << close_array << "bsonType"
-                                 << "string"
-                                 << "algorithm"
-                                 << "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" << close_document << close_document
-                                 << close_document << "bsonType"
-                                 << "object" << finalize;
+.. literalinclude:: /includes/csfle.cpp
+   :language: cpp
+   :copyable: true
+   :start-after: // start-json-schema
+   :end-before: // end-json-schema
 
 To view a full example that uses the preceding ``json_schema`` document to
 configure an automatic encryption schema, see the :github:`Automatic CSFLE
@@ -196,30 +185,11 @@ The following example configures explicit encryption
 for an insert operation, which inserts an encrypted message
 into the database:
 
-.. code-block:: cpp
-
-   // Configure your MongoDB client here
-
-   auto kms_providers = document{} << "local" << open_document << "key"
-                                   << local_master_key << close_document
-                                   << finalize;
-
-   options::client_encryption client_encryption_opts{};
-   client_encryption_opts.key_vault_namespace({"keyvault", "datakeys"});
-   client_encryption_opts.kms_providers(kms_providers.view());
-   client_encryption_opts.key_vault_client(&client);
-
-   class client_encryption client_encryption(std::move(client_encryption_opts));
-
-   // Explicitly encrypts a BSON value
-   auto to_encrypt = bsoncxx::types::bson_value::make_value("secret message");
-   auto encrypted_message = client_encryption.encrypt(to_encrypt, encrypt_opts);
-
-   // Explicitly decrypts a BSON value
-   auto decrypted_message = client_encryption.decrypt(encrypted_message);
-
-   // Inserts the encrypted value into the database
-   coll.insert_one(make_document(kvp("encryptedField", encrypted_message)));
+.. literalinclude:: /includes/csfle.cpp
+   :language: cpp
+   :copyable: true
+   :start-after: // start-explicit-encrypt
+   :end-before: // end-explicit-encrypt
 
 To view a full example that configures explicit encryption,
 see the :github:`Explicit Encryption </mongo-cxx-driver/blob/master/examples/mongocxx/explicit_encryption.cpp>`
@@ -240,14 +210,11 @@ then passes this options instance to the ``auto_encryption_opts`` field
 of a ``options::client``. This creates a client configured to
 use automatic decryption:
 
-.. code-block:: cpp
-
-   options::auto_encryption auto_encrypt_opts{};
-   auto_encrypt_opts.bypass_auto_encryption(true);
-
-   options::client client_opts{};
-   client_opts.auto_encryption_opts(std::move(auto_encrypt_opts));
-   class client client_encrypted {uri{}, std::move(client_opts)};
+.. literalinclude:: /includes/csfle.cpp
+   :language: cpp
+   :copyable: true
+   :start-after: // start-auto-decrypt
+   :end-before: // end-auto-decrypt
 
 To view a full example that configures explicit encryption
 with automatic decryption, see the :github:`Explicit Encryption Auto Decryption
@@ -257,4 +224,4 @@ example in the driver source code.
 Additional Information
 ----------------------
 
-To learn more about CSFLE, see :manual:`CSFLE </core/csfle/>` in the Server manual.
+To learn more about CSFLE, see :manual:`CSFLE </core/csfle/>` in the {+mdb-server+} manual.