MongoDB CSFLE -- use dynamic data keys

We'd like to use mongo's native CSFLE offering (https://docs.mongodb.com/drivers/security/client-side-field-level-encryption-guide/). However, as per the documentation, it seems like the data key id should be provided ahead of the initialisation of MongoClient.

In our use case, we need to use the same schema, but with different data keys, dynamically (e.g. a different data key for each customer in a multitenant architecture).

What is the idiomatic solution for this problem?

Edit: a similar question from MongoDB's community forums: https://www.mongodb.com/community/forums/t/csfle-with-data-key-per-document/113161

Thanks!

There is 1 best solution below

You can do this with explicit encryption, and I believe this is one of the use cases for explicit encryption to begin with.

See https://docs.mongodb.com/ruby-driver/master/reference/client-side-encryption/#explicit-encryption for an example.
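A model of the per-tenant design that explicit encryption makes possible, as an added example that is not from the original answer or the MongoDB driver. The class `TenantFieldCrypto`, its in-memory key vault and the tenant names are hypothetical, and AES-256-GCM from Ruby's OpenSSL stands in for the driver's own algorithm; the point shown is that the data key is chosen per call and its id travels with the ciphertext, so decryption needs no tenant argument.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for a key vault plus an explicit-encryption helper.
# Uses AES-256-GCM (assumption for this sketch), not MongoDB's CSFLE algorithm.
class TenantFieldCrypto
  def initialize(master_key)
    @master_key = master_key # 32-byte key that would normally live in a KMS
    @vault = {}              # key id => data key wrapped under the master key
    @alt_names = {}          # tenant name => key id
  end
  # Return the tenant's data key id, creating and wrapping a key on first use.
  def key_id_for(tenant)
    @alt_names[tenant] ||= SecureRandom.uuid.tap do |id|
      @vault[id] = seal(@master_key, SecureRandom.random_bytes(32), id)
    end
  end
  # Encrypt one field value with the data key selected at call time.
  def encrypt(value, tenant:)
    id = key_id_for(tenant)
    id + seal(unwrap(id), value, id) # 36-character key id prefixes the ciphertext
  end
  # The key id is read from the blob, so no tenant has to be supplied here.
  def decrypt(blob)
    id = blob.byteslice(0, 36)
    unseal(unwrap(id), blob.byteslice(36..), id)
  end

  private

  def unwrap(id)
    unseal(@master_key, @vault.fetch(id), id)
  end
  # Output layout: 12-byte IV, 16-byte tag, ciphertext. The key id is bound as AAD.
  def seal(key, plaintext, aad)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = key
    iv = c.random_iv
    c.auth_data = aad
    ct = c.update(plaintext) + c.final
    iv + c.auth_tag + ct
  end
  def unseal(key, blob, aad)
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = key
    d.iv = blob.byteslice(0, 12)
    d.auth_tag = blob.byteslice(12, 16)
    d.auth_data = aad
    d.update(blob.byteslice(28..)) + d.final
  end
end
```

Because the key id is authenticated as associated data, a ciphertext relabelled with another tenant's key id fails to decrypt instead of being read under the wrong key.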