Watch keynotes and sessions from, our virtual developer conference.

Golang client side encryption - multiple local master keys


I’m looking at the golang driver examples for client side encryption. Specifically, the example for ExplicitEncryptionWithAutomaticDecryption.

The thing I’m noticing is that the mongo.Connect call takes AutoEncryptionOptions() which contain a KMS provider and namespace. Then NewClientEncryption takes its own KMS provider and namespace.

What I’m wondering is - can I use multiple master keys? e.g. one per collection?

I suspect it’s possible to have multiple NewClientEncryption configured with different local master keys, but then what should I do with the KMS details on the AutoEncryptionOptions()?