java.lang.Object
- com.mongodb.ClientEncryptionSettings

```
public final class ClientEncryptionSettings
extends Object
```
The client-side settings for data key creation and explicit encryption.
Explicit encryption/decryption is a community feature, enabled with the new com.mongodb.client.vault.ClientEncryption type, for which this is the settings.

Since:

3.11

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description
`static class`	`ClientEncryptionSettings.Builder`	A builder for `ClientEncryptionSettings` so that `ClientEncryptionSettings` can be immutable, and to support easier construction through chaining.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`static ClientEncryptionSettings.Builder`	`builder()`	Convenience method to create a Builder.
`MongoClientSettings`	`getKeyVaultMongoClientSettings()`	Gets the key vault settings.
`String`	`getKeyVaultNamespace()`	Gets the key vault namespace.
`Map<String,Map<String,Object>>`	`getKmsProviders()`	Gets the map of KMS provider properties.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - builder
```
public static ClientEncryptionSettings.Builder builder()
```
    Convenience method to create a Builder.
    
    Returns:
    
    a builder
  - getKeyVaultMongoClientSettings
```
public MongoClientSettings getKeyVaultMongoClientSettings()
```
    Gets the key vault settings.
    The key vault collection is assumed to reside on the same MongoDB cluster as indicated by the connecting URI. But the optional keyVaultMongoClientSettings can be used to route data key queries to a separate MongoDB cluster, or the same cluster but with a different credential.
    
    Returns:
    
    the key vault settings, which may be null to indicate that the same MongoClient should be used to access the key vault collection as is used for the rest of the application.
  - getKeyVaultNamespace
```
public String getKeyVaultNamespace()
```
    Gets the key vault namespace.
    The key vault namespace refers to a collection that contains all data keys used for encryption and decryption (aka the key vault collection). Data keys are stored as documents in a special MongoDB collection. Data keys are protected with encryption by a KMS provider (AWS, Azure, GCP KMS or a local master key).
    
    Returns:
    
    the key vault namespace, which may not be null
  - getKmsProviders
```
public Map<String,Map<String,Object>> getKmsProviders()
```
    Gets the map of KMS provider properties.
    Multiple KMS providers may be specified. The following KMS providers are supported: "aws", "azure", "gcp" and "local". The kmsProviders map values differ by provider:
    
    For "aws", the properties are:
    
    accessKeyId: a String, the AWS access key identifier
    
    secretAccessKey: a String, the AWS secret access key
    
    sessionToken: an optional String, the AWS session token
    
    For "azure", the properties are:
    
    tenantId: a String, the tenant Id
    
    clientId: a String, the client Id
    
    clientSecret: a String, the clientSecret
    
    identityPlatformEndpoint: an optional String, the identity platform endpoint. Defaults to login.microsoftonline.com
    
    For "gcp", the properties are:
    
    email: a String, the email address
    
    privateKey: a byte[] or base 64 encoded String, the private key
    
    endpoint: an optional String, the endpoint. Defaults to oauth2.googleapis.com
    
    For "local", the properties are:
    
    key: byte[] of length 96, the local key
    Returns:
    
    map of KMS provider properties

Class ClientEncryptionSettings

Nested Class Summary

Method Summary

Methods inherited from class java.lang.Object

Method Detail

builder

getKeyVaultMongoClientSettings

getKeyVaultNamespace

getKmsProviders