Subject : Client Side Field Level Encryption
For Automatic Encryption , the encrypt schema specifies the encryption options to use when encrypting the current field.
"bsonType" : "object",
"properties" : {
"<fieldName>" : {
"encrypt" : {
"algorithm" : "<string>",
"bsonType" : "<string>" | [ "<string>" ],
"keyId" : [ <UUID> ]
}
}
}
Why is the keyId an array ? Does this mean i can specify multiple Data Encryption keys(DEK) for to encrypt the same field … Would that not add to confusion . Which key would it be encrypted with (1st key or the second key ) . What is the logic applied here . Should 'nt the keyId just be a string .