mongodb
diff --git a/‎source/core/csfle/tutorials/kmip/kmip-automatic.txt
Lines changed: 154 additions & 18 deletions b/‎source/core/csfle/tutorials/kmip/kmip-automatic.txt
Lines changed: 154 additions & 18 deletions
diff --git a/‎source/includes/tutorials/automatic/kmip/certificates.rst
Lines changed: 68 additions & 12 deletions b/‎source/includes/tutorials/automatic/kmip/certificates.rst
Lines changed: 68 additions & 12 deletions
@@ -12,8 +12,6 @@ Use Automatic {+csfle+} with KMIP
    :depth: 2
    :class: singlecol
 
-.. tabs-selector:: drivers
-
 Overview
 --------
 
@@ -27,29 +25,54 @@ After you complete the steps in this guide, you should have:
 - A working client application that inserts encrypted documents
   using your {+cmk-long+}.
 
-.. note:: Limited Coverage
-
-   This tutorial contains code snippets for Java only, however,
-   the following language drivers support performing {+csfle-abbrev+}
-   with a {+kmip-kms+}:
-
-   - C#
-   - Python
-   - Go
-   - Node.js
-
-   We plan to add these languages to this guide soon.
-
 Before You Get Started
 ----------------------
 
 .. include:: /includes/set-up-section.rst
 
 .. include:: /includes/fact-csfle-placeholder.rst
 
+.. include:: /includes/select-your-language.rst
+
+.. see:: Full Application
+
+   To view the complete runnable application code for this tutorial, go to the
+   following link:
+
+   .. tabs-drivers::
+
+      .. tab:: Java
+         :tabid: java-sync
+
+         `Complete Java Application <{+sample-app-url-csfle+}/java/kmip/reader/>`__
+      
+      .. tab:: Node.js
+         :tabid: nodejs
+
+         `Complete Node.js Application <{+sample-app-url-csfle+}/node/kmip/reader/>`__
+
+      .. tab:: Python
+         :tabid: python
+
+         `Complete Python Application <{+sample-app-url-csfle+}/python/kmip/reader/>`__
+
+      .. tab:: C#
+         :tabid: csharp
+
+         `Complete C# Application <{+sample-app-url-csfle+}/dotnet/kmip/reader/CSFLE/>`__
+
+      .. tab:: Go
+         :tabid: go
+
+         `Complete Go Application <{+sample-app-url-csfle+}/go/kmip/reader/>`__
+
+.. tabs-selector:: drivers
+
 Set Up the KMS
 --------------
 
+.. include:: /includes/tutorials/language-id.rst
+
 .. procedure::
    :style: normal
 
@@ -64,13 +87,54 @@ Set Up the KMS
 Create the Application
 ----------------------
 
+Select the tab that corresponds to the MongoDB driver you are using in
+your application to see relevant code samples.
+
 .. procedure::
    :style: normal
 
-   .. step:: Generate your {+dek-long+}
+   .. step:: Create a Unique Index on Your Key Vault Collection
+
+      .. include:: /includes/tutorials/automatic/kmip/key-vault-index.rst
+
+   .. step:: Create a {+dek-long+}
 
       .. include:: /includes/tutorials/automatic/kmip/dek.rst
 
+      .. see:: Complete Code
+
+         .. tabs-drivers::
+
+            .. tab::
+               :tabid: java-sync
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-csfle+}/java/kmip/reader/src/main/java/com/mongodb/csfle/MakeDataKey.java>`__.
+
+            .. tab::
+               :tabid: nodejs
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-csfle+}/node/kmip/reader/make_data_key.js>`__.
+
+            .. tab::
+               :tabid: python
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-csfle+}/python/kmip/reader/make_data_key.py>`__.
+
+            .. tab::
+               :tabid: csharp
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-csfle+}/dotnet/kmip/reader/CSFLE/MakeDataKey.cs>`__.
+
+            .. tab::
+               :tabid: go
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-csfle+}/go/kmip/reader/make-data-key.go>`__.
+
    .. step:: Configure the MongoClient
 
       .. include:: /includes/tutorials/automatic/kmip/client.rst
@@ -79,6 +143,78 @@ Create the Application
 
       .. include:: /includes/tutorials/automatic/kmip/insert.rst
 
+      .. see:: Complete Code
+
+         .. tabs-drivers::
+
+            .. tab::
+               :tabid: java-sync
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/java/kmip/reader/src/main/java/com/mongodb/csfle/InsertEncryptedDocument.java>`__.
+
+            .. tab::
+               :tabid: nodejs
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/node/kmip/reader/insert_encrypted_document.js>`__.
+
+            .. tab::
+               :tabid: python
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/python/kmip/reader/insert_encrypted_document.py>`__.
+
+            .. tab::
+               :tabid: csharp
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/dotnet/kmip/reader/CSFLE/InsertEncryptedDocument.cs>`__
+
+            .. tab::
+               :tabid: go
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/go/kmip/reader/insert-encrypted-document.go>`__.
+
+   .. step:: Retrieve Your Encrypted Document
+
+      .. include:: /includes/tutorials/automatic/kmip/find.rst
+
+      .. see:: Complete Code
+
+         .. tabs-drivers::
+
+            .. tab::
+               :tabid: java-sync
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/java/kmip/reader/src/main/java/com/mongodb/csfle/InsertEncryptedDocument.java>`__.
+
+            .. tab::
+               :tabid: nodejs
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/node/kmip/reader/insert_encrypted_document.js>`__.
+
+            .. tab::
+               :tabid: python
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/python/kmip/reader/insert_encrypted_document.py>`__.
+
+            .. tab::
+               :tabid: csharp
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/dotnet/kmip/reader/CSFLE/InsertEncryptedDocument.cs>`__
+
+            .. tab::
+               :tabid: go
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-csfle+}/go/kmip/reader/insert-encrypted-document.go>`__.
+
 Learn More
 ----------
 
@@ -89,5 +225,5 @@ To learn more about the topics mentioned in this guide, see the
 following links:
 
 - Learn more about CSFLE components on the :ref:`Reference <csfle-reference>` page.
-- Learn how {+cmk-long+}s and {+dek-long+}s work on the :ref:`<csfle-reference-keys-key-vaults>` page
-- See how KMS Providers manage your CSFLE keys on the :ref:`<csfle-reference-kms-providers>` page.
+- Learn how {+cmk-long+}s and {+dek-long+}s work on the :ref:`<csfle-reference-keys-key-vaults>` page.
+- See how KMS Providers manage your CSFLE keys on the :ref:`<csfle-reference-kms-providers>` page.
@@ -3,20 +3,76 @@ a client certificate that your {+kmip-kms+} accepts:
 
 .. tabs-drivers::
 
-    .. tab::
-       :tabid: java-sync
+   .. tab::
+      :tabid: java-sync
 
-       Specify the following Java system properties to configure your client's
-       TLS connection: 
+      Specify the following Java system properties to configure your client's
+      TLS connection: 
 
-       .. code-block:: shell
+      .. code-block:: shell
 
-           -Djavax.net.ssl.keyStoreType=pkcs12
-           -Djavax.net.ssl.keyStore=<path to pkcs12 KeyStore containing your client certificate>
-           -Djavax.net.ssl.keyStorePassword=<KeyStore password>
+         -Djavax.net.ssl.keyStoreType=pkcs12
+         -Djavax.net.ssl.keyStore=<path to pkcs12 KeyStore containing your client certificate>
+         -Djavax.net.ssl.keyStorePassword=<KeyStore password>
 
-       .. note:: Configure Client With SSLContext
+      .. note:: Configure Client With SSLContext
 
-           If you would rather configure your client application using an SSL context, use the 
-           `kmsProviderSslContextMap <{+java-driver-api+}/mongodb-driver-core/com/mongodb/ClientEncryptionSettings.Builder.html#kmsProviderSslContextMap(java.util.Map)>`__
-           method.
+         If you would rather configure your client application using an SSL context, use the 
+         `kmsProviderSslContextMap <{+java-driver-api+}/mongodb-driver-core/com/mongodb/ClientEncryptionSettings.Builder.html#kmsProviderSslContextMap(java.util.Map)>`__
+         method.
+
+   .. tab::
+      :tabid: nodejs
+
+      .. literalinclude:: /includes/generated/in-use-encryption/csfle/node/kmip/reader/make_data_key.js
+         :start-after: start-create-tls
+         :end-before: end-create-tls
+         :language: javascript
+         :dedent:
+         :caption: make_data_key.js
+
+   .. tab::
+      :tabid: python
+
+      .. literalinclude:: /includes/generated/in-use-encryption/csfle/python/kmip/reader/make_data_key.py
+         :start-after: start-create-tls
+         :end-before: end-create-tls
+         :language: python
+         :dedent:
+         :caption: make_data_key.py
+
+   .. tab::
+      :tabid: csharp
+
+      .. literalinclude:: /includes/generated/in-use-encryption/csfle/dotnet/kmip/reader/CSFLE/MakeDataKey.cs
+         :start-after: start-create-tls
+         :end-before: end-create-tls
+         :language: csharp
+         :dedent:
+         :caption: MakeDataKey.cs
+
+      .. important::
+      
+         Your client certificate must be in pcks12 format. You can convert
+         your certificate using openssl with the following command:
+
+         .. code-block:: shell
+         
+            openssl pcks12 -export -out "<new pcks12 certificate>" -in "<certificate to convert>" \
+            -name "<new certificate name>" -password "<new certificate password>"
+
+   .. tab::
+      :tabid: go
+
+      .. literalinclude:: /includes/generated/in-use-encryption/csfle/go/kmip/reader/make-data-key.go
+         :start-after: start-create-tls
+         :end-before: end-create-tls
+         :language: go
+         :dedent:
+         :caption: make-data-key.go
+
+      .. important::
+      
+         You must use certificates with `ECDSA keys <https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm>`__ 
+         when using the Go driver with PyKMIP.
+