Use Case

As a Mongoose CSFLE/QE user,
I want easy access to a ClientEncryption object,
So that I can manage data keys for my CSFLE/QE implementation.

User Experience

• Users should be able to obtain a ClientEncryption instance directly from mongoose for a QE/CSFLE-enabled connection.  The CSFLE/QE enabled client encryption should inherit the same settings as defined on the connection (KMS settings, key vault settings, etc).

Dependencies

• n/a

Risks/Unknowns

• n/a

Acceptance Criteria

Implementation Requirements

• Add a mechanism to obtain an instance of a ClientEncryption to mongoose's model class.
  • If encryption is not configured, it returns nothing.
  • If encryption is configured, it returns a CE with:
    • the keyvault specified in the autoEncryptionOptions provided to `mongoose.connect()`
    • the KMS providers specified in the autoEncryptionOptions provided to `mongoose.connect()`
    • the TLS & proxy options specified in the autoEncryptionOptions provided to `mongoose.connect()`
    • the credentialProviders specified in the autoEncryptionOptions provided to `mongoose.connect()`
    • the keyvaultClient will be the keyVaultClient provided as an autoEncryption option, if provided, otherwise Mongoose connection's the underlying MongoClient

Testing Requirements

• Add tests for the above behaviors to `encryption.test.ts` in Mongoose.

Documentation Requirements

• Add documentation to Mongoose's FLE documentation about this feature.

Follow Up Requirements

• none.