- Type: Improvement
- Resolution: Unresolved
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: Client Side Encryption

It would be very convenient if passing in-memory TLS PEM options (tlsCAFile, tlsCertificateKeyFile) to the driver did not require creating a temporary file to store them and passing the filename to the driver.
For the main driver options, this is already the case because Node.js TLS options can be passed through; for AutoEncryptionTlsOptions this is currently not possible.
Acceptance Criteria:
- Utilize secureContext to pass tlsCAFile & tlsCertificateKeyFile as in-memory options to both the auto encrypter (MongoClientOptions.autoEncryption.tlsOptions) and ClientEncryption.
- If the driver-specific options are provided and a secure context is provided, the secure context takes precedence.
Testing Requirements:
- Test that both `ca` and `cert` can be provided as in-memory buffers in a secure context for auto encryption and explicit encryption (this ticket's primary motivator).
- Test that when a secure context is provided, the secure context is passed into the tls.connect() factory method when establishing a TLS connection.
- Test that when both the driver's TLS options (tlsCAFile & tlsCertificateKeyFile) and a secure context are provided, the secure context takes precedence over the driver TLS options.
  - In this scenario, we'll likely want to also ensure that no file access is made to obtain the contents of tlsCertificateKeyFile and tlsCAFile.
Docs Requirements:
- TBD (likely want both API and MongoDB manual docs to explain precedence rules)
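
A sketch of the precedence rule in the acceptance criteria, as an added example that is not the driver's code: `resolveKmsTlsOptions` and its injectable `readFile` parameter are hypothetical names, and mapping `tlsCertificateKeyFile` to both `cert` and `key` is an assumption. The recording stub covers the check from the testing requirements that no file is read when a secure context is present.

```javascript
// Added example: hypothetical helper, not the driver's implementation.
const tls = require('node:tls');
const fs = require('node:fs');

// Build the options that would be handed to tls.connect() for a KMS request.
// `readFile` is injectable so a test can prove that no file access happens.
function resolveKmsTlsOptions(tlsOptions = {}, readFile = fs.readFileSync) {
  const { secureContext, tlsCAFile, tlsCertificateKeyFile } = tlsOptions;

  // Precedence rule: a secure context wins, and the file-based options
  // are ignored without ever being opened.
  if (secureContext != null) {
    return { secureContext };
  }

  const connectOptions = {};
  if (tlsCAFile) connectOptions.ca = readFile(tlsCAFile);
  if (tlsCertificateKeyFile) {
    // Assumption: one PEM file holds both the certificate and its private key.
    const pem = readFile(tlsCertificateKeyFile);
    connectOptions.cert = pem;
    connectOptions.key = pem;
  }
  return connectOptions;
}

// Constructed demo: paths and PEM contents below are made up for illustration.
function demo() {
  const reads = [];
  const readFile = (path) => {
    reads.push(path);
    return Buffer.from(`constructed PEM from ${path}`);
  };
  // A real caller would pass in-memory buffers here, e.g.
  // tls.createSecureContext({ ca: caPem, cert: certPem, key: keyPem }).
  const secureContext = tls.createSecureContext();
  const files = {
    tlsCAFile: '/constructed/ca.pem',
    tlsCertificateKeyFile: '/constructed/client.pem'
  };

  const both = resolveKmsTlsOptions({ ...files, secureContext }, readFile);
  const readsWithContext = reads.length; // file reads while a context was supplied
  const filesOnly = resolveKmsTlsOptions(files, readFile);
  return { secureContext, both, readsWithContext, filesOnly, reads };
}

console.log('file reads with secure context:', demo().readsWithContext);
```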
1. | Validation | NODE-7022 | Ready for Work | Unassigned |