(DOCSP-24937) KMIP Tutorial (#1747)

* kmip qe reader update

* formatting

* init

* build errors rst

* add missing code snippets

* convo with cynthia - use kmip-compliant key provider rather than kmip kms or kmip provider

* terminology update

* tweak

* proofread

* broken links

* tweak

* tweak

Author: biniona-mongodb

snooty.toml

@@ -264,8 +264,9 @@ manual-enc = "explicit encryption"
 manual-enc-title = "Explicit Encryption"
 manual-enc-first = "Explicit encryption"
 kmip-hover = ":abbr:`KMIP (Key Management Interoperability Protocol)`"
-kmip-kms-no-hover = "KMIP-compliant Key Management System"
-kmip-kms = "{+kmip-hover+}-compliant {+kms-abbr+}"
+kmip-kms-no-hover = "KMIP-compliant key provider"
+kmip-kms = "{+kmip-hover+}-compliant key provider"
+kmip-kms-title = "KMIP-Compliant Key Provider"
 csfle-code-snippets-gen-keys = "https://github.com/mongodb/docs/tree/master/source/includes/quick-start/generate-master-key"
 libmongocrypt-version = "1.5"
 sample-app-url-csfle = "https://github.com/mongodb-university/docs-in-use-encryption-examples/tree/main/csfle"

source/core/csfle/tutorials/kmip/kmip-automatic.txt

@@ -17,7 +17,7 @@ Overview
 
 This guide shows you how to build a {+csfle+} ({+csfle-abbrev+})-enabled
 application using a Key Management Interoperability Protocol
-(KMIP)-compliant **{+kms-long+}** (KMS).
+(KMIP)-compliant key provider.
 
 After you complete the steps in this guide, you should have:
 

source/core/queryable-encryption/features.txt

@@ -67,7 +67,7 @@ The process and mechanisms that makes this possible within the
    - AWS Key Management Service (AWS KMS) 
    - Google Cloud KMS
    - Azure Key Vault
-   - Any KMIP-enabled provider
+   - Any {+kmip-kms+}
 
 3. The driver submits the query to the MongoDB server with the encrypted 
    fields rendered as ciphertext.

source/core/queryable-encryption/tutorials.txt

@@ -30,6 +30,10 @@ Read the following pages to learn how to use {+qe+} with your preferred
 
   - :ref:`qe-tutorial-automatic-gcp`
 
+- Any {+kmip-kms-title+}
+
+  - :ref:`qe-tutorial-automatic-kmip`
+
 To learn how to use {+manual-enc+} with {+qe+}, read
 :ref:`<qe-tutorials-manual-encryption>`.
 
@@ -39,4 +43,5 @@ To learn how to use {+manual-enc+} with {+qe+}, read
    /core/queryable-encryption/tutorials/aws/aws-automatic
    /core/queryable-encryption/tutorials/azure/azure-automatic
    /core/queryable-encryption/tutorials/gcp/gcp-automatic
+   /core/queryable-encryption/tutorials/kmip/kmip-automatic
    /core/queryable-encryption/tutorials/explicit-encryption

source/core/queryable-encryption/tutorials/kmip/kmip-automatic.txt

@@ -0,0 +1,225 @@
+.. _qe-tutorial-automatic-kmip:
+
+===========================================================
+Use Automatic {+qe+} with KMIP
+===========================================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 2
+   :class: singlecol
+
+Overview
+--------
+
+This guide shows you how to build a {+qe+} ({+qe-abbr+})-enabled
+application using a Key Management Interoperability Protocol
+(KMIP)-compliant key provider.
+
+After you complete the steps in this guide, you should have:
+
+- A {+cmk-long+} hosted on a {+kmip-kms+}.
+- A working client application that inserts encrypted documents
+  using your {+cmk-long+}.
+
+Before You Get Started
+----------------------
+
+.. include:: /includes/queryable-encryption/set-up-section.rst
+
+.. include:: /includes/fact-csfle-placeholder.rst
+
+.. include:: /includes/select-your-language.rst
+
+.. see:: Full Application
+
+   To view the complete runnable application code for this tutorial, go to the
+   following link:
+
+   .. tabs-drivers::
+
+      .. tab:: Java
+         :tabid: java-sync
+
+         `Complete Java Application <{+sample-app-url-qe+}/java/kmip/reader/>`__
+      
+      .. tab:: Node.js
+         :tabid: nodejs
+
+         `Complete Node.js Application <{+sample-app-url-qe+}/node/kmip/reader/>`__
+
+      .. tab:: Python
+         :tabid: python
+
+         `Complete Python Application <{+sample-app-url-qe+}/python/kmip/reader/>`__
+
+      .. tab:: C#
+         :tabid: csharp
+
+         `Complete C# Application <{+sample-app-url-qe+}/dotnet/kmip/reader/QueryableEncryption/>`__
+
+      .. tab:: Go
+         :tabid: go
+
+         `Complete Go Application <{+sample-app-url-qe+}/go/kmip/reader/>`__
+
+.. tabs-selector:: drivers
+
+Set Up the KMS
+--------------
+
+.. include:: /includes/tutorials/language-id.rst
+
+.. procedure::
+   :style: normal
+
+   .. step:: Configure your {+kmip-kms-title+}
+
+      .. include:: /includes/queryable-encryption/tutorials/automatic/kmip/configure.rst
+
+   .. step:: Specify your Certificates
+
+      .. include:: /includes/queryable-encryption/tutorials/automatic/kmip/certificates.rst
+
+Create the Application
+----------------------
+
+Select the tab that corresponds to the MongoDB driver you are using in
+your application to see relevant code samples.
+
+.. procedure::
+   :style: normal
+
+   .. step:: Create a Unique Index on Your Key Vault Collection
+
+      .. include:: /includes/queryable-encryption/tutorials/automatic/kmip/key-vault-index.rst
+
+   .. step:: Create a {+dek-long+}
+
+      .. include:: /includes/queryable-encryption/tutorials/automatic/kmip/dek.rst
+
+      .. see:: Complete Code
+
+         .. tabs-drivers::
+
+            .. tab::
+               :tabid: java-sync
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-qe+}/java/kmip/reader/src/main/java/com/mongodb/qe/MakeDataKey.java>`__.
+
+            .. tab::
+               :tabid: nodejs
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-qe+}/node/kmip/reader/make_data_key.js>`__.
+
+            .. tab::
+               :tabid: python
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-qe+}/python/kmip/reader/make_data_key.py>`__.
+
+            .. tab::
+               :tabid: csharp
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-qe+}/dotnet/kmip/reader/QueryableEncryption/MakeDataKey.cs>`__.
+
+            .. tab::
+               :tabid: go
+
+               To view the complete code for making a {+dek-long+}, see
+               `our Github repository <{+sample-app-url-qe+}/go/kmip/reader/make-data-key.go>`__.
+
+   .. step:: Configure the MongoClient
+
+      .. include:: /includes/queryable-encryption/tutorials/automatic/kmip/client.rst
+
+   .. step:: Insert a Document with Encrypted Fields
+
+      .. include:: /includes/queryable-encryption/tutorials/automatic/kmip/insert.rst
+
+      .. see:: Complete Code
+
+         .. tabs-drivers::
+
+            .. tab::
+               :tabid: java-sync
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/java/kmip/reader/src/main/java/com/mongodb/qe/InsertEncryptedDocument.java>`__.
+
+            .. tab::
+               :tabid: nodejs
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/node/kmip/reader/insert_encrypted_document.js>`__.
+
+            .. tab::
+               :tabid: python
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/python/kmip/reader/insert_encrypted_document.py>`__.
+
+            .. tab::
+               :tabid: csharp
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/dotnet/kmip/reader/QueryableEncryption/InsertEncryptedDocument.cs>`__
+
+            .. tab::
+               :tabid: go
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/go/kmip/reader/insert-encrypted-document.go>`__.
+
+   .. step:: Retrieve Your Encrypted Document
+
+      .. include:: /includes/queryable-encryption/tutorials/automatic/kmip/find.rst
+
+      .. see:: Complete Code
+
+         .. tabs-drivers::
+
+            .. tab::
+               :tabid: java-sync
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/java/kmip/reader/src/main/java/com/mongodb/qe/InsertEncryptedDocument.java>`__.
+
+            .. tab::
+               :tabid: nodejs
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/node/kmip/reader/insert_encrypted_document.js>`__.
+
+            .. tab::
+               :tabid: python
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/python/kmip/reader/insert_encrypted_document.py>`__.
+
+            .. tab::
+               :tabid: csharp
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/dotnet/kmip/reader/QueryableEncryption/InsertEncryptedDocument.cs>`__
+
+            .. tab::
+               :tabid: go
+
+               To view the complete code for inserting an encrypted document, see
+               `our Github repository <{+sample-app-url-qe+}/go/kmip/reader/insert-encrypted-document.go>`__.
+
+Learn More
+----------
+
+To learn more about the topics mentioned in this guide, see the
+following links:
+
+- :ref:`<qe-reference-keys-key-vaults>`
+- :ref:`<qe-fundamentals-kms-providers>`

source/includes/generated/in-use-encryption/csfle/dotnet/kmip/reader/CSFLE/InsertEncryptedDocument.cs

@@ -26,7 +26,7 @@ public static void Insert()
             var provider = "kmip";
             var kmipKmsOptions = new Dictionary<string, object>
             {
-               { "endpoint", "<endpoint for your KMIP KMS>" },
+               { "endpoint", "<endpoint for your KMIP-compliant key provider>" },
             };
             kmsProviders.Add(provider, kmipKmsOptions);
             // end-kmsproviders

source/includes/generated/in-use-encryption/csfle/dotnet/kmip/reader/CSFLE/MakeDataKey.cs

@@ -22,14 +22,14 @@ public static void MakeKey()
             var provider = "kmip";
             var kmipKmsOptions = new Dictionary<string, object>
             {
-               { "endpoint", "<endpoint for your KMIP KMS>" },
+               { "endpoint", "<endpoint for your KMIP-compliant key provider>" },
             };
             kmsProviders.Add(provider, kmipKmsOptions);
             // end-kmsproviders
 
             // start-datakeyopts
             var dataKeyOptions = new DataKeyOptions(
-                masterKey: new BsonDocument { } // an empty key object prompts your KMIP provider to generate a new Customer Master Key
+                masterKey: new BsonDocument { } // an empty key object prompts your KMIP-compliant key provider to generate a new Customer Master Key
             );
             // end-datakeyopts
             // start-create-index

source/includes/generated/in-use-encryption/csfle/go/kmip/reader/insert-encrypted-document.go

@@ -24,7 +24,7 @@ func Insert() error {
 	provider := "kmip"
 	kmsProviders := map[string]map[string]interface{}{
 		provider: {
-			"endpoint": "<endpoint for your KMIP KMS>",
+			"endpoint": "<endpoint for your KMIP-compliant key provider>",
 		},
 	}
 	// end-kmsproviders

source/includes/generated/in-use-encryption/csfle/go/kmip/reader/make-data-key.go

@@ -19,13 +19,13 @@ func MakeKey() error {
 	provider := "kmip"
 	kmsProviders := map[string]map[string]interface{}{
 		provider: {
-			"endpoint": "<endpoint for your KMIP KMS>",
+			"endpoint": "<endpoint for your KMIP-compliant key provider>",
 		},
 	}
 	// end-kmsproviders
 
 	// start-datakeyopts
-	masterKey := map[string]interface{}{} // an empty key object prompts your KMIP provider to generate a new Customer Master Key
+	masterKey := map[string]interface{}{} // an empty key object prompts your KMIP-compliant key provider to generate a new Customer Master Key
 	// end-datakeyopts
 
 	// start-create-index

source/includes/generated/in-use-encryption/csfle/java/kmip/reader/src/main/java/com/mongodb/csfle/InsertEncryptedDocument.java

@@ -60,7 +60,7 @@ public static void main(String[] args) throws Exception {
         String kmsProvider = "kmip";
         Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
         Map<String, Object> providerDetails = new HashMap<>();
-        providerDetails.put("endpoint", "<endpoint for your KMIP KMS>");
+        providerDetails.put("endpoint", "<endpoint for your KMIP-compliant key provider>");
         kmsProviders.put(kmsProvider, providerDetails);
         // end-kmsproviders
 

source/includes/generated/in-use-encryption/csfle/java/kmip/reader/src/main/java/com/mongodb/csfle/MakeDataKey.java

@@ -53,12 +53,12 @@ public static void main(String[] args) throws Exception {
         String kmsProvider = "kmip";
         Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
         Map<String, Object> providerDetails = new HashMap<>();
-        providerDetails.put("endpoint", "<endpoint for your KMIP KMS>");
+        providerDetails.put("endpoint", "<endpoint for your KMIP-compliant key provider>");
         kmsProviders.put(kmsProvider, providerDetails);
         // end-kmsproviders
 
         // start-datakeyopts
-        BsonDocument masterKeyProperties = new BsonDocument(); // an empty key object prompts your KMIP provider to generate a new Customer Master Key
+        BsonDocument masterKeyProperties = new BsonDocument(); // an empty key object prompts your KMIP-compliant key provider to generate a new Customer Master Key
         // end-datakeyopts
 
         // start-create-index

source/includes/generated/in-use-encryption/csfle/node/kmip/reader/insert_encrypted_document.js

@@ -9,7 +9,7 @@ var namespace = `${db}.${coll}`;
 const provider = "kmip";
 const kmsProviders = {
   kmip: {
-    endpoint: "<endpoint for your KMIP KMS>",
+    endpoint: "<endpoint for your KMIP-compliant key provider>",
   },
 };
 // end-kmsproviders

source/includes/generated/in-use-encryption/csfle/node/kmip/reader/make_data_key.js

@@ -6,13 +6,13 @@ const { MongoClient, Binary } = mongodb;
 const provider = "kmip";
 const kmsProviders = {
   kmip: {
-    endpoint: "<endpoint for your KMIP KMS>",
+    endpoint: "<endpoint for your KMIP-compliant key provider>",
   },
 };
 // end-kmsproviders
 
 // start-datakeyopts
-const masterKey = {}; // an empty key object prompts your KMIP provider to generate a new Customer Master Key
+const masterKey = {}; // an empty key object prompts your KMIP-compliant key provider to generate a new Customer Master Key
 // end-datakeyopts
 
 async function main() {

source/includes/generated/in-use-encryption/csfle/python/kmip/reader/insert_encrypted_document.py

@@ -15,7 +15,9 @@
 
 # start-kmsproviders
 provider = "kmip"
-kms_providers = {provider: {"endpoint": "<endpoint for your KMIP KMS>"}}
+kms_providers = {
+    provider: {"endpoint": "<endpoint for your KMIP-compliant key provider>"}
+}
 # end-kmsproviders
 
 # start-schema