DOCSP-27783 updates TEST_LOCAL_KEY examples to more securely use process.env (#2487)

* DOCSP-27783

* internal review feedback

Author: jmd-mongo

source/includes/csfle-connection-boilerplate-example.rst

@@ -0,0 +1,40 @@
+To configure client-side field level encryption for a locally managed
+key:
+
+- generate a base64-encoded 96-byte string with no line breaks
+- use :binary:`mongosh` to load the key
+
+.. code-block:: bash
+   :emphasize-lines: 1
+
+   export TEST_LOCAL_KEY=$(echo "$(head -c 96 /dev/urandom | base64 | tr -d '\n')")
+
+   mongosh --nodb
+
+Create the client-side field level encryption object using the
+generated local key string:
+
+.. code-block:: javascript
+   :emphasize-lines: 5
+
+    var autoEncryptionOpts = {
+      "keyVaultNamespace" : "encryption.__dataKeys",
+      "kmsProviders" : {
+        "local" : {
+          "key" : BinData(0, process.env["TEST_LOCAL_KEY"])
+        }
+      }
+    }
+
+Use the :method:`Mongo()` constructor with the client-side field level 
+encryption options configured to create a database connection. Replace 
+the ``mongodb://myMongo.example.net`` URI with the :ref:`connection 
+string URI <mongodb-uri>` of the target cluster.
+
+.. code-block:: javascript
+   :emphasize-lines: 2
+      
+   encryptedClient = Mongo( 
+     "mongodb://myMongo.example.net:27017/?replSetName=myMongo", 
+      autoEncryptionOpts
+   )

source/includes/extracts-client-side-field-level-encryption.yaml

@@ -68,50 +68,6 @@ content: |
   variables in the shell to reference the AWS credentials.
 
 ---
-ref: csfle-connection-boilerplate
-content: |
-
-  Configuring client-side field level encryption for a locally
-  managed key requires specifying a base64-encoded 96-byte
-  string with no line breaks. The following operation generates
-  a key that meets the stated requirements and loads it into
-  :binary:`~bin.mongosh`:
-
-  .. code-block:: bash
-     :emphasize-lines: 1
-
-     TEST_LOCAL_KEY=$(echo "$(head -c 96 /dev/urandom | base64 | tr -d '\n')")
-     
-     mongosh --nodb --shell --eval "var TEST_LOCAL_KEY='$TEST_LOCAL_KEY'"
-
-  Create the client-side field level encryption object using the
-  generated local key string:
-
-  .. code-block:: javascript
-     :emphasize-lines: 5
-
-     var autoEncryptionOpts = {
-       "keyVaultNamespace" : "encryption.__dataKeys",
-       "kmsProviders" : {
-         "local" : {
-           "key" : BinData(0, TEST_LOCAL_KEY)
-         }
-       }
-     }
-
-  Use the :method:`Mongo()` constructor to create a database connection
-  with the client-side field level encryption options. Replace the
-  ``mongodb://myMongo.example.net`` URI with the :ref:`connection string
-  URI <mongodb-uri>` of the target cluster.
-
-  .. code-block:: javascript
-     :emphasize-lines: 2
-       
-     encryptedClient = Mongo( 
-       "mongodb://myMongo.example.net:27017/?replSetName=myMongo", 
-       autoEncryptionOpts
-     )
----
 ref: csfle-enterprise-atlas-only
 content: |
 

source/reference/method/ClientEncryption.decrypt.txt

@@ -54,7 +54,7 @@ Example
 The following example uses a locally managed KMS for the client-side
 field level encryption configuration.
 
-.. include:: /includes/extracts/csfle-connection-boilerplate.rst
+.. include:: /includes/csfle-connection-boilerplate-example.rst
 
 Retrieve the :method:`ClientEncryption <getClientEncryption()>` object
 and use the :method:`ClientEncryption.decrypt()` method to decrypt

source/reference/method/ClientEncryption.encrypt.txt

@@ -174,7 +174,7 @@ Client-Side Field Level Encryption
 The following example uses a locally managed KMS for the client-side
 field level encryption configuration.
 
-.. include:: /includes/extracts/csfle-connection-boilerplate.rst
+.. include:: /includes/csfle-connection-boilerplate-example.rst
 
 Retrieve the :method:`ClientEncryption <getClientEncryption()>` object
 and use the :method:`ClientEncryption.encrypt()` method to encrypt

source/reference/method/KeyVault.addKeyAlternateName.txt

@@ -60,7 +60,7 @@ client-side field level encryption. For specific examples of using
 :abbr:`KMS (Key Management Service)` provider, see
 :ref:`field-level-encryption-data-key-manage`.
 
-.. include:: /includes/extracts/csfle-connection-boilerplate.rst
+.. include:: /includes/csfle-connection-boilerplate-example.rst
 
 Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
 :method:`KeyVault.addKeyAlternateName()` method to add a new key

source/reference/method/KeyVault.createKey.txt

@@ -182,7 +182,7 @@ client-side field level encryption. For specific examples of using
 :abbr:`KMS (Key Management Service)` provider, see
 :ref:`qe-field-level-encryption-data-key-create`.
 
-.. include:: /includes/extracts/csfle-connection-boilerplate.rst
+.. include:: /includes/csfle-connection-boilerplate-example.rst
 
 Retrieve the :method:`keyVault <getKeyVault()>` object and
 use the :method:`KeyVault.createKey()` method to 

source/reference/method/KeyVault.deleteKey.txt

@@ -49,7 +49,7 @@ client-side field level encryption. For specific examples of using
 :abbr:`KMS (Key Management Service)` provider, see
 :ref:`field-level-encryption-data-key-delete`.
 
-.. include:: /includes/extracts/csfle-connection-boilerplate.rst
+.. include:: /includes/csfle-connection-boilerplate-example.rst
 
 Retrieve the :method:`KeyVault <getKeyVault()>` object and
 use the :method:`KeyVault.deleteKey()` method to 

source/reference/method/KeyVault.getKey.txt

@@ -54,7 +54,7 @@ The following example uses a :ref:`locally managed KMS
 <field-level-encryption-local-kms>` for the client-side field level
 encryption configuration. 
 
-.. include:: /includes/extracts/csfle-connection-boilerplate.rst
+.. include:: /includes/csfle-connection-boilerplate-example.rst
 
 Retrieve the :method:`keyVault <getKeyVault()>` object and
 use the :method:`KeyVault.getKey()` to retrieve

source/reference/method/KeyVault.getKeyByAltName.txt

@@ -48,7 +48,7 @@ Example
 The following example uses a locally managed KMS for the client-side
 field level encryption configuration. 
 
-.. include:: /includes/extracts/csfle-connection-boilerplate.rst
+.. include:: /includes/csfle-connection-boilerplate-example.rst
 
 Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
 :method:`KeyVault.getKeyByAltName()` method to retrieve the data

source/reference/method/KeyVault.getKeys.txt

@@ -48,7 +48,7 @@ The following example uses a :ref:`locally managed KMS
 <field-level-encryption-local-kms>` for the client-side field level
 encryption configuration. 
 
-.. include:: /includes/extracts/csfle-connection-boilerplate.rst
+.. include:: /includes/csfle-connection-boilerplate-example.rst
 
 Retrieve the :method:`KeyVault <getKeyVault()>` object and use the
 :method:`KeyVault.getKeys()` method to retrieve all data encryption keys