ming.encryption module

class ming.encryption.DecryptedField(field_type: type[T], encrypted_field: str)

Creates a field that acts as an automatic getter/setter for the target field name specified encrypted_field.

Note

Interally :class:.DecryptedField uses getattr and setattr on self using the encrypted_field name.

class MyDocument(Document):
    email_encrypted = Field(ming.schema.Binary)
    email = DecryptedField(str, 'email_encrypted')

Parameters:

• field_type – The Type of the decrypted field

• encrypted_field – The name of the encrypted attribute to operate on

class ming.encryption.EncryptedMixin

A mixin intended to be used with Document or MappedClass to provide encryption. All configuration is handled by an instance of a ming.encryption.EncryptionConfig that is passed to the ming.datastore.DataStore instance that the Document/MappedClass is bound to.

Generally, don’t use this directly, but instead call the methods on the Document/MappedClass you’re working with.

classmethod decr(b: bytes | None) → str | None

Decrypts a string using the encryption configuration of the ming datastore that this class is bound to.

decrypt_some_fields() → dict

Returns a dict with raw data. Removes encrypted fields and replaces them with decrypted data. Useful for json.

classmethod decrypted_field_names() → list[str]

Returns a list of field names that have _encrypted counterts.

For example, if a class has fields email and email_encrypted, this method would return ['email'].

classmethod encr(s: str | None, provider='local') → bytes | None

Encrypts a string using the encryption configuration of the ming datastore that this class is bound to. Most of the time, you won’t need to call this directly, as it is used by the ming.encryption.EncryptedDocumentMixin.encrypt_some_fields() method.

classmethod encrypt_some_fields(data: dict) → dict

Encrypts some fields in a dictionary using the encryption configuration of the ming datastore that this class is bound to.

Parameters:

data – a dictionary of data to be encrypted

Returns:

a modified copy of the data param with the currently-unencrypted-but-encryptable fields replaced with _encrypted counterparts.

classmethod encrypted_field_names() → list[str]

Returns the field names of all encrypted fields. Fields are assumed to be encrypted if they end with _encrypted.

For example if a class has fields email and email_encrypted, this method would return ['email_encrypted'].

class ming.encryption.EncryptionConfig(config: dict)

A class to hold the encryption configuration for a ming datastore.

Parameters:

config – a dictionary that closely resembles various features of the MongoDB encryption that we support.

property key_vault_namespace: str

Describes which mongodb database/collection combo your auto-generated encryption data keys will be stored.

This is a string in the format <database>.<collection>.

property kms_providers: dict

Returns the kms providers used in this configuration. These values are passed directly to pymongo.

See the documentation for the pymongo.encryption.ClientEncryption constructor for more information on valid values for kms_providers.

A typical example of the kms_providers field using the local provider would look like this:

property provider_options: dict

Returns all of the provider options used by this configuration when calling the underlying pymongo.encryption.ClientEncryption.create_data_key() method.

See the documentation for pymongo’s pymongo.encryption.ClientEncryption.create_data_key() method for more information on valid values for provider_options.

A typical example of the provider_options field using the local provider would look like this:

exception ming.encryption.MingEncryptionError