DOCSP-46939: tlsCertificateKeyFilePassword option (#165)

(cherry picked from commit 193132c)

Author: norareidy

source/fundamentals/authentication.txt

@@ -296,6 +296,7 @@ authentication mechanism by using the following placeholders:
 
 - ``path to CA certificate``: The filepath for your CA file
 - ``path to private client key``: The filepath for your certificate key file
+- ``password for client key``: The password used to decrypt the client key
 - ``db``: The authentication database associated with the user
 
 The following code shows how to reference your certificates in your
@@ -308,7 +309,10 @@ connect to MongoDB:
    :start-after: start-x509
    :end-before: end-x509
 
-.. TODO To learn more about enabling TLS on a connection, see :ref:`rust-tls`.
+.. tip::
+
+   To learn more about enabling TLS on a connection, see
+   the :ref:`rust-connect-tls` guide.
 
 Additional Information
 ----------------------

source/fundamentals/connections/connection-options.txt

@@ -192,6 +192,12 @@ connected to the server.
        | If you do not set this option, the ``Client`` instance does not
          attempt to verify its identity to the server.
 
+   * - **tlsCertificateKeyFilePassword**
+     - String
+     - None
+     - Specifies the password to decrypt the private key
+       in your certificate file, if the key is encrypted.
+
    * - **tlsInsecure**
      - Boolean
      - ``false``

source/fundamentals/connections/tls.txt

@@ -181,8 +181,12 @@ instance and a ``Client`` instance that is configured for TLS:
 1. Creates variables to reference the certificate filepaths in
    ``PathBuf`` instances.
 
-#. Instantiates a ``TlsOptions`` struct and sets the ``ca_file_path`` and
-   ``cert_key_file_path`` fields to the relevant filepaths.
+#. Creates a variable to store the password used to decrypt the 
+   client key.
+
+#. Instantiates a ``TlsOptions`` struct and sets the ``ca_file_path``,
+   ``cert_key_file_path``, and ``tls_certificate_key_file_password`` fields
+   to configure the TLS-enabled connection.
 
 #. Passes the ``TlsOptions`` instance to the ``Enabled`` variant of the
    ``Tls`` enum.

source/includes/fundamentals/code-snippets/auth.rs

@@ -76,7 +76,8 @@ async fn main() -> mongodb::error::Result<()> {
     let uri = format!(
         "mongodb://<hostname>:<port>/?tlsCAFile={tlsCAFile}&tlsCertificateKeyFile={tlsCertificateKeyFile}",
         tlsCAFile = "<path to CA certificate>",
-        tlsCertificateKeyFile = "<path to private client key>"
+        tlsCertificateKeyFile = "<path to private client key>",
+        tlsCertificateKeyFilePassword = "<password for client key>"
     );
     let mut client_options = ClientOptions::parse(uri).await?;
     let x509_cred = Credential::builder().mechanism(AuthMechanism::MongoDbAws).build();

source/includes/fundamentals/code-snippets/tls.rs

@@ -9,8 +9,13 @@ async fn main() -> mongodb::error::Result<()> {
 
     let ca_file = PathBuf::from(r"<path to CA certificate>");
     let key_file = PathBuf::from(r"<path to client certificate>");
+    let key_password = b"<password for client key>".to_vec();
 
-    let tls_opts = TlsOptions::builder().ca_file_path(ca_file).cert_key_file_path(key_file).build();
+    let tls_opts = TlsOptions::builder()
+        .ca_file_path(ca_file)
+        .cert_key_file_path(key_file)
+        .tls_certificate_key_file_password(key_password)
+        .build();
 
     client_options.tls = Some(Tls::Enabled(tls_opts));
     let _client = Client::with_options(client_options)?;