The keys max_records, key_namespace, queue_namespace are all optional, with the
values above used as default.
The encryption_target hash is used to search for certificates, subject is
mandatory and can contain wildcards as accepted by sql LIKE. The realm defaults
to the sessions realm if not given. The certificate_identifier of all certificates
which are valid at the time of the search are written to enc_cert_ids.
This method is a co-worker for
where the params are explained in detail.