Right now you can use CSFLE with the EF Provider but only if you create the schema by hand.

It would be great if the fluent API contained some additional methods that would then generate the schema and wire it up to the MongoClient before starting use.

Suggested API

MongoDbContextOptions

• WithCustomerMasterKey(byte[] customerMasterKey)
• WithDefaultDataKey(Guid dataKey)
• WithDefaultEncryptionAlgorithm(FieldEncryptionAlgorithm algorithm)

MongoEntityTypeBuilderExtensions

• WithDataKey(Guid dataKey)
• WithDefaultEncryptionAlgorithm(FieldEncryptionAlgorithm algorithm)

MongoPropertyBuilderExtensions

• WithEncryption()
• WithEncryption(FieldEncryptionAlgorithm algorithm)

FieldEncryptionAlgorithm enum

• AEADAES256CBCHMACSHA512Deterministic
• AEADAES256CBCHMACSHA512Random

Need to find better names for these? Or just allow deterministic vs random bool?

Implementation

Recommended that the MongoClientWrapper take the IModel and then to read the annotations using a heirarchical fallback to generate the encryption schema.

The schema can than be applied to the new generated MongoClient.

Open question: What to do if they've registered or provided an IMongoClient? We can't use it as-is as it won't have the schema on it. Either throw or create a new mongo client using the options?