FLE documentation updates (#85)

* DOCSP-13918: [mongosh] FLE docs

* DOCSP-13918: [mongosh] FLE docs

* fixups

* updates per review

Co-authored-by: Steve Renaker <[email protected]>

Author: jeff-allen-mongo

source/install.txt

@@ -60,6 +60,16 @@ Procedure
       ``mongosh`` from an archive instead, see
       :ref:`macos-install-archive`.
 
+      Considerations
+      ``````````````
+
+      ``mongosh`` installed with Homebrew does not support
+      :manual:`automatic client-side field level encryption
+      </core/security-automatic-client-side-encryption/>`.
+
+      Procedure
+      `````````
+
       To install ``mongosh`` with Homebrew:
 
       .. include:: /includes/steps/install-shell-macos-homebrew.rst

source/reference/methods.txt

@@ -356,6 +356,56 @@ Connection Methods
 
      - Description
 
+   * - :method:`Mongo()`
+
+     - JavaScript constructor to instantiate a database connection from
+       the ``mongo`` shell or from a JavaScript file.
+
+       The :method:`Mongo()` method has the following parameters:
+
+       .. list-table::
+           :header-rows: 1
+           :widths: 20 20 80
+
+           * - Parameter
+       
+             - Type
+       
+             - Description
+       
+           * - ``host``
+       
+             - string
+       
+             - *Optional*
+             
+               The connection string for the target database
+               connection.
+
+               If omitted, :method:`Mongo` instantiates a connection to the 
+               localhost interface on the default port ``27017``.
+
+           * - ``ClientSideFieldLevelEncryptionOptions``
+             
+             - Document
+
+             - *Optional* 
+               
+               .. versionadded:: 4.2
+
+               Configuration parameters for enabling
+               :manual:`Client-Side Field Level Encryption
+               </core/security-client-side-encryption>`.
+
+               ``ClientSideFieldLevelEncryptionOptions`` overrides the
+               existing client-side field level encryption configuration of
+               the database connection. If omitted, :method:`Mongo()`
+               inherits the client-side field level encryption configuration
+               of the current database connection.
+
+               For documentation of usage and syntax, see
+               :ref:`ClientSideFieldLevelEncryptionOptions`.
+
    * - :method:`Mongo.getDB()`
 
      - Returns a database object.
@@ -366,7 +416,7 @@ Connection Methods
 
    * - :method:`Mongo.watch()`
 
-     - Opens a :manual:`change stream cursor </change-streams>` for a replica
+     - Opens a :manual:`change stream cursor </changeStreams>` for a replica
        set or a sharded cluster to report on all its non-system collections
        across its databases, with the exception of the ``admin``, ``local``,
        and ``config`` databases.
@@ -691,6 +741,89 @@ standalone and replica set deployments.
 
      - Returns the free cloud monitoring status for your deployment.
 
+Client-Side Field Level Encryption Methods
+------------------------------------------
+
+.. note:: Limitations
+
+   - Automatic encryption is only available when ``mongosh`` is connected
+     to an Atlas cluster or a MongoDB Enterprise Server. For details,
+     see :manual:`Automatic Client-Side Field Level Encryption
+     </core/security-automatic-client-side-encryption/>`. The methods
+     listed in this section are used for *manual* encryption, and are
+     supported on non-enterprise servers.
+
+   - Automatic encryption is not available with the Homebrew installation
+     of ``mongosh``.
+
+   - Field level encryption is only available in the ``mongosh`` binary,
+     and not available in the :compass:`embedded Compass shell
+     </embedded-shell>`. 
+
+.. list-table::
+   :widths: 30 70
+   :header-rows: 1
+
+   * - Method
+
+     - Description
+
+   * - :method:`ClientEncryption.decrypt()`
+
+     - Decrypts the specified ``encryptedValue`` if the current database
+       connection was configured with access to the Key Management Service
+       (KMS) and key vault used to encrypt ``encryptedValue``.
+
+   * - :method:`ClientEncryption.encrypt()`
+
+     - Encrypts the specified value using the specified ``encryptionKeyId``
+       and ``encryptionAlgorithm``.
+
+   * - :method:`getClientEncryption()`
+
+     - Returns the ``ClientEncryption`` object for the current database
+       collection.
+
+   * - :method:`getKeyVault()`
+
+     - Returns the ``KeyVault`` object for the current database connection. 
+
+   * - :method:`KeyVault.addKeyAlternateName()`
+
+     - Adds the ``keyAltName`` to the ``keyAltNames`` array of the data
+       encryption key with the specified UUID.
+
+   * - :method:`KeyVault.createKey()`
+
+     - Adds a data encryption key to the key vault associated to the
+       database connection.
+
+   * - :method:`KeyVault.deleteKey()`
+
+     - Deletes a data encryption key with the specified UUID from the key
+       vault associated to the database connection.
+
+   * - :method:`KeyVault.getKey()`
+
+     - Gets a data encryption key with the specified UUID. The data
+       encryption key must exist in the key vault associated to the
+       database connection.
+
+   * - :method:`KeyVault.getKeyByAltName()`
+
+     - Gets all data encryption keys with the specified ``keyAltName``.
+
+   * - :method:`KeyVault.getKeys()`
+
+     - Returns all data encryption keys stored in the key vault associated
+       to the database connection.
+
+   * - :method:`KeyVault.removeKeyAlternateName()`
+
+     - Removes the specified ``keyAltName`` from the data encryption key
+       with the specified UUID. The data encryption key must exist in the
+       key vault associated to the database connection.
+
 Native Methods
 --------------