@@ -488,36 +488,6 @@ def _create_collection(self, model):
488488 # Unencrypted path
489489 db .create_collection (db_table )
490490
491- def _get_data_key (
492- self ,
493- client_encryption ,
494- key_vault_collection ,
495- create_data_keys ,
496- kms_provider ,
497- master_key ,
498- key_alt_name ,
499- ):
500- """Return an existing or newly-created data key ID for a field."""
501- if create_data_keys :
502- if not client_encryption :
503- raise ImproperlyConfigured ("client_encryption is not configured." )
504- return client_encryption .create_data_key (
505- kms_provider = kms_provider ,
506- master_key = master_key ,
507- key_alt_names = [key_alt_name ],
508- )
509- if key_vault_collection is None :
510- raise ImproperlyConfigured (
511- f"Encrypted field { key_alt_name }
512- )
513- key = key_vault_collection .find_one ({"keyAltNames" : key_alt_name })
514- if not key :
515- raise ValueError (
516- f"No key found in keyvault for keyAltName={ key_alt_name }
517- "Run with '--create-data-keys' to create missing keys."
518- )
519- return key ["_id" ]
520-
521491 def _get_encrypted_fields (
522492 self , model , create_data_keys = False , key_alt_name = None , path_prefix = None
523493 ):
@@ -564,14 +534,15 @@ def _get_encrypted_fields(
564534
565535 if getattr (field , "encrypted" , False ):
566536 bson_type = field .db_type (connection )
567- data_key = self ._get_data_key (
568- client_encryption ,
569- key_vault_collection ,
570- create_data_keys ,
571- kms_provider ,
572- master_key ,
573- new_key_alt_name ,
574- )
537+ if create_data_keys :
538+ data_key = client_encryption .create_data_key (
539+ kms_provider = kms_provider ,
540+ master_key = master_key ,
541+ key_alt_names = [new_key_alt_name ],
542+ )
543+ else :
544+ key = key_vault_collection .find_one ({"keyAltNames" : new_key_alt_name })
545+ data_key = key ["_id" ]
575546 field_dict = {
576547 "bsonType" : bson_type ,
577548 "path" : path ,
0 commit comments