Code review fixes (8/x)

- Removed all signs of client side vs. server side configuration of
  Queryable Encryption which can be too easily confused with client-side
  encryption, which is what Queryable Encryption is.

Author: aclark4life

docs/source/howto/queryable-encryption.rst

@@ -1,3 +1,5 @@
+.. _configuring-queryable-encryption:
+
 ================================
 Configuring Queryable Encryption
 ================================
@@ -11,8 +13,6 @@ Configuring Queryable Encryption
    :ref:`This table <manual:qe-compatibility-reference>` shows which MongoDB
    server products support which Queryable Encryption mechanisms.
 
-.. _server-side-queryable-encryption:
-
 Configuring Queryable Encryption in Django is similar to
 :doc:`manual:core/queryable-encryption/quick-start` but with some additional
 steps required for Django.
@@ -23,20 +23,10 @@ Prerequisites
 In addition to :doc:`installing </intro/install>` and :doc:`configuring
 </intro/configure>` Django MongoDB Backend, you will need to install some
 additional packages to use Queryable Encryption. This can be done with the
-optional dependency ``encryption`` in the ``django-mongodb-backend`` package.
+optional dependency ``encryption`` in the ``django-mongodb-backend`` package::
 
     pip install django-mongodb-backend[encryption]
 
-.. _server-side-queryable-encryption-settings:
-
-Server-side Queryable Encryption
---------------------------------
-
-Queryable Encryption is considered "server-side" when the encrypted fields map
-is not known at the time of connection to the database and this approach allows
-you to begin developing applications without needing to define the encrypted
-fields map at the time of connection to the database.
-
 Settings
 --------
 
@@ -88,9 +78,6 @@ Here's how to set it up in your Django settings::
 
     DATABASE_ROUTERS = [EncryptedRouter()]
 
-You are now ready to use server-side :doc:`Queryable Encryption
-</topics/queryable-encryption>`.
-
 .. admonition:: KMS providers and credentials
 
     The above example uses a local KMS provider with a randomly generated
@@ -105,21 +92,11 @@ You are now ready to use server-side :doc:`Queryable Encryption
     You can also refer to the `Python Queryable Encryption Tutorial
     <https://github.com/mongodb/docs/tree/adad2b1ae41ec81a6e5682842850030813adc1e5/source/includes/qe-tutorials/python>`_.
 
-.. _client-side-queryable-encryption:
-
-Client-side Queryable Encryption
---------------------------------
-
-Queryable Encryption is considered "client-side" when the encrypted fields map
-is known at the time of connection to the database. This approach can be used
-when you have finished development and you have a fixed set of encrypted fields
-that you want to use in your production environment.
-
 Encrypted fields map
 ~~~~~~~~~~~~~~~~~~~~
 
 In addition to the :ref:`settings described in the how-to guide
-<server-side-queryable-encryption-settings>` you will need to provide a
+<queryable-encryption-settings>` you will need to provide a
 ``encrypted_fields_map`` to the ``AutoEncryptionOpts``.
 
 You can use the :djadmin:`showencryptedfieldsmap` management command to generate
@@ -145,14 +122,16 @@ facilitate Queryable Encryption operations.
 Settings
 ~~~~~~~~
 
-Now include the generated schema map in your Django settings::
+Now include the crypt shared library path and generated schema map in your
+Django settings::
 
     …
     DATABASES["encrypted"] = {
         …
         "OPTIONS": {
             "auto_encryption_opts": AutoEncryptionOpts(
                 …
+                crypt_shared_lib_path="/path/to/mongo_crypt_v1",
                 encrypted_fields_map = {
                     "encryption__patientrecord": {
                         "fields": [
@@ -172,5 +151,5 @@ Now include the generated schema map in your Django settings::
         …
     }
 
-You are now ready to use client-side :doc:`Queryable Encryption
+You are now ready to use :doc:`Queryable Encryption
 </topics/queryable-encryption>`.

docs/source/ref/models/fields.rst

@@ -424,13 +424,13 @@ These indexes use 0-based indexing.
 .. _encrypted-fields:
 
 Encrypted fields
-----------------
+================
 
 .. versionadded:: 5.2.0b2
 
 Encrypted fields are subclasses of Django's built-in fields and can be used to
 store sensitive data with MongoDB's :ref:`Queryable Encryption
-<server-side-queryable-encryption>` feature. They are subclasses of Django's
+<queryable-encryption>` feature. They are subclasses of Django's
 built-in fields before storing it in the database.
 
 +----------------------------------------+------------------------------------------------------+
@@ -469,11 +469,14 @@ built-in fields before storing it in the database.
 | ``EncryptedURLField``                  | :class:`~django.db.models.URLField`                  |
 +----------------------------------------+------------------------------------------------------+
 
-.. class:: EncryptedFieldMixin
-
 ``EncryptedFieldMixin``
 -----------------------
 
+.. class:: EncryptedFieldMixin
+
+   A mixin that can be used to create custom encrypted fields
+   that support MongoDB's Queryable Encryption.
+
 You can use the ``EncryptedFieldMixin`` to create your own encrypted fields. This mixin
 supports the use of a ``queries`` argument in the field definition to specify query type
 for the field::

docs/source/ref/settings.rst

@@ -2,8 +2,24 @@
 Settings
 ========
 
-Core Settings
-=============
+.. _queryable-encryption-settings:
 
-Here's a list of settings available in Django MongoDB Backend and their default
-values.
+Queryable Encryption
+====================
+
+The following :setting:`django:DATABASES` inner options have been added to
+support KMS configuration for Queryable Encryption.
+
+.. setting:: DATABASE-KMS-PROVIDERS
+
+``KMS_PROVIDERS``
+-----------------
+
+Default: ``{}``
+
+.. setting:: DATABASE-KMS-CREDENTIALS
+
+``KMS_CREDENTIALS``
+-------------------
+
+Default: ``{}``

docs/source/topics/queryable-encryption.rst

@@ -1,3 +1,5 @@
+.. _queryable-encryption:
+
 ====================
 Queryable Encryption
 ====================