diff --git a/reference/mongodb/mongodb/driver/manager/construct.xml b/reference/mongodb/mongodb/driver/manager/construct.xml
index a6104a2250ca..7a7a4095115c 100644
--- a/reference/mongodb/mongodb/driver/manager/construct.xml
+++ b/reference/mongodb/mongodb/driver/manager/construct.xml
@@ -636,7 +636,7 @@ mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][
Provides options to enable automatic client-side field level
- encryption.
+ encryption. The list of options is described in the table below.
@@ -659,142 +659,6 @@ mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][
bypassAutoEncryption is &true;.
-
- The following options are supported:
-
-
- Options for automatic encryption
-
-
-
- Option
- Type
- Description
-
-
-
- &mongodb.option.encryption.keyVaultClient;
- &mongodb.option.encryption.keyVaultNamespace;
- &mongodb.option.encryption.kmsProviders;
- &mongodb.option.encryption.tlsOptions;
-
- schemaMap
- arrayobject
-
-
- Map of collection namespaces to a local JSON schema. This is
- used to configure automatic encryption. See
- Automatic Encryption Rules
- in the MongoDB manual for more information. It is an error to
- specify a collection in both schemaMap and
- encryptedFieldsMap.
-
-
-
- Supplying a schemaMap provides more
- security than relying on JSON schemas obtained from the
- server. It protects against a malicious server advertising a
- false JSON schema, which could trick the client into sending
- unencrypted data that should be encrypted.
-
-
-
-
- Schemas supplied in the schemaMap only
- apply to configuring automatic encryption for client side
- encryption. Other validation rules in the JSON schema will
- not be enforced by the driver and will result in an error.
-
-
-
-
-
- bypassAutoEncryption
- bool
-
- If &true;, mongocryptd will not be spawned
- automatically. This is used to disable automatic encryption.
- Defaults to &false;.
-
-
-
- bypassQueryAnalysis
- bool
-
-
- If &true;, automatic analysis of outgoing commands will be
- disabled and mongocryptd will not be
- spawned automatically. This enables the use case of explicit
- encryption for querying indexed fields without requiring the
- enterprise licensed crypt_shared library or
- mongocryptd process. Defaults to &false;.
-
-
-
-
- encryptedFieldsMap
- arrayobject
-
-
- Map of collection namespaces to an
- encryptedFields document. This is used to
- configure queryable encryption. See
- Field Encryption and Queryability
- in the MongoDB manual for more information. It is an error to
- specify a collection in both
- encryptedFieldsMap and
- schemaMap.
-
-
-
- Supplying an encryptedFieldsMap provides
- more security than relying on an
- encryptedFields obtained from the server.
- It protects against a malicious server advertising a false
- encryptedFields.
-
-
-
-
-
- extraOptions
- array
-
-
- The extraOptions relate to the
- mongocryptd process. The following options
- are supported:
-
-
- mongocryptdURI (string): URI to connect to an existing mongocryptd process. Defaults to "mongodb://localhost:27020".
- mongocryptdBypassSpawn (bool): If &true;, prevent the driver from spawning mongocryptd. Defaults to &false;.
- mongocryptdSpawnPath (string): Absolute path to search for mongocryptd binary. Defaults to empty string and consults system paths.
- mongocryptdSpawnArgs (array): Array of string arguments to pass to mongocryptd when spawning. Defaults to ["--idleShutdownTimeoutSecs=60"].
- cryptSharedLibPath (string): Absolute path to crypt_shared shared library. Defaults to empty string and consults system paths.
- cryptSharedLibRequired (bool): If &true;, require the driver to load crypt_shared. Defaults to &false;.
-
-
- See the Client-Side Encryption Specification for more information.
-
-
-
-
-
-
-
-
-
-
- Automatic encryption is an enterprise only feature that only
- applies to operations on a collection. Automatic encryption is not
- supported for operations on a database or view, and operations that
- are not bypassed will result in error. To bypass automatic
- encryption for all operations, set bypassAutoEncryption=true
- in autoEncryption. For more information on
- allowed operations, see the
- Client-Side Encryption Specification.
-
-
@@ -865,6 +729,140 @@ mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][
+
+ Options supported by automatic encryption:
+
+ autoEncryption
+
+
+
+ Option
+ Type
+ Description
+
+
+
+ &mongodb.option.encryption.keyVaultClient;
+ &mongodb.option.encryption.keyVaultNamespace;
+ &mongodb.option.encryption.kmsProviders;
+ &mongodb.option.encryption.tlsOptions;
+
+ schemaMap
+ arrayobject
+
+
+ Map of collection namespaces to a local JSON schema. This is
+ used to configure automatic encryption. See
+ Automatic Encryption Rules
+ in the MongoDB manual for more information. It is an error to
+ specify a collection in both schemaMap and
+ encryptedFieldsMap.
+
+
+
+ Supplying a schemaMap provides more
+ security than relying on JSON schemas obtained from the
+ server. It protects against a malicious server advertising a
+ false JSON schema, which could trick the client into sending
+ unencrypted data that should be encrypted.
+
+
+
+
+ Schemas supplied in the schemaMap only
+ apply to configuring automatic encryption for client side
+ encryption. Other validation rules in the JSON schema will
+ not be enforced by the driver and will result in an error.
+
+
+
+
+
+ bypassAutoEncryption
+ bool
+
+ If &true;, mongocryptd will not be spawned
+ automatically. This is used to disable automatic encryption.
+ Defaults to &false;.
+
+
+
+ bypassQueryAnalysis
+ bool
+
+
+ If &true;, automatic analysis of outgoing commands will be
+ disabled and mongocryptd will not be
+ spawned automatically. This enables the use case of explicit
+ encryption for querying indexed fields without requiring the
+ enterprise licensed crypt_shared library or
+ mongocryptd process. Defaults to &false;.
+
+
+
+
+ encryptedFieldsMap
+ arrayobject
+
+
+ Map of collection namespaces to an
+ encryptedFields document. This is used to
+ configure queryable encryption. See
+ Field Encryption and Queryability
+ in the MongoDB manual for more information. It is an error to
+ specify a collection in both
+ encryptedFieldsMap and
+ schemaMap.
+
+
+
+ Supplying an encryptedFieldsMap provides
+ more security than relying on an
+ encryptedFields obtained from the server.
+ It protects against a malicious server advertising a false
+ encryptedFields.
+
+
+
+
+
+ extraOptions
+ array
+
+
+ The extraOptions relate to the
+ mongocryptd process. The following options
+ are supported:
+
+
+ mongocryptdURI (string): URI to connect to an existing mongocryptd process. Defaults to "mongodb://localhost:27020".
+ mongocryptdBypassSpawn (bool): If &true;, prevent the driver from spawning mongocryptd. Defaults to &false;.
+ mongocryptdSpawnPath (string): Absolute path to search for mongocryptd binary. Defaults to empty string and consults system paths.
+ mongocryptdSpawnArgs (array): Array of string arguments to pass to mongocryptd when spawning. Defaults to ["--idleShutdownTimeoutSecs=60"].
+ cryptSharedLibPath (string): Absolute path to crypt_shared shared library. Defaults to empty string and consults system paths.
+ cryptSharedLibRequired (bool): If &true;, require the driver to load crypt_shared. Defaults to &false;.
+
+
+ See the Client-Side Encryption Specification for more information.
+
+
+
+
+
+
+
+
+ Automatic encryption is an enterprise only feature that only
+ applies to operations on a collection. Automatic encryption is not
+ supported for operations on a database or view, and operations that
+ are not bypassed will result in error. To bypass automatic
+ encryption for all operations, set bypassAutoEncryption=true
+ in autoEncryption. For more information on
+ allowed operations, see the
+ Client-Side Encryption Specification.
+
+
+