Package com.mongodb.reactivestreams.client.vault

Interface ClientEncryption

All Superinterfaces:

AutoCloseable, Closeable

public interface ClientEncryption
extends Closeable

The Key vault.

Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.

Since:

1.12

Method Summary

Modifier and Type	Method	Description
Publisher<BsonDocument>	addKeyAltName(BsonBinary id, String keyAltName)	Adds a keyAltName to the keyAltNames array of the key document in the key vault collection with the given UUID.
void	close()
Publisher<BsonBinary>	createDataKey(String kmsProvider)	Create a data key with the given KMS provider.
Publisher<BsonBinary>	createDataKey(String kmsProvider, DataKeyOptions dataKeyOptions)	Create a data key with the given KMS provider and options.
Publisher<BsonValue>	decrypt(BsonBinary value)	Decrypt the given value.
Publisher<DeleteResult>	deleteKey(BsonBinary id)	Removes the key document with the given data key from the key vault collection.
Publisher<BsonBinary>	encrypt(BsonValue value, EncryptOptions options)	Encrypt the given value with the given options.
Publisher<BsonDocument>	getKey(BsonBinary id)	Finds a single key document with the given UUID (BSON binary subtype 0x04).
Publisher<BsonDocument>	getKeyByAltName(String keyAltName)	Returns a key document in the key vault collection with the given keyAltName.
FindPublisher<BsonDocument>	getKeys()	Finds all documents in the key vault collection.
Publisher<BsonDocument>	removeKeyAltName(BsonBinary id, String keyAltName)	Removes a keyAltName from the keyAltNames array of the key document in the key vault collection with the given id.
Publisher<RewrapManyDataKeyResult>	rewrapManyDataKey(Bson filter)	Decrypts multiple data keys and (re-)encrypts them with the current masterKey.
Publisher<RewrapManyDataKeyResult>	rewrapManyDataKey(Bson filter, RewrapManyDataKeyOptions options)	Decrypts multiple data keys and (re-)encrypts them with a new masterKey, or with their current masterKey if a new one is not given.

Method Details

createDataKey

Publisher<BsonBinary> createDataKey(String kmsProvider)

Create a data key with the given KMS provider.

Creates a new key document and inserts into the key vault collection.

Parameters:

kmsProvider - the KMS provider

Returns:

a Publisher containing the identifier for the created data key

createDataKey

Publisher<BsonBinary> createDataKey(String kmsProvider,
 DataKeyOptions dataKeyOptions)

Create a data key with the given KMS provider and options.

Creates a new key document and inserts into the key vault collection.

Parameters:

kmsProvider - the KMS provider

dataKeyOptions - the options for data key creation

Returns:

a Publisher containing the identifier for the created data key

encrypt

Publisher<BsonBinary> encrypt(BsonValue value,
 EncryptOptions options)

Encrypt the given value with the given options.

The driver may throw an exception for prohibited BSON value types

Parameters:

value - the value to encrypt

options - the options for data encryption

Returns:

a Publisher containing the encrypted value, a BSON binary of subtype 6

decrypt

Publisher<BsonValue> decrypt(BsonBinary value)

Decrypt the given value.

Parameters:

value - the value to decrypt, which must be of subtype 6

Returns:

a Publisher containing the decrypted value

deleteKey

Publisher<DeleteResult> deleteKey(BsonBinary id)

Removes the key document with the given data key from the key vault collection.

Parameters:

id - the data key UUID (BSON binary subtype 0x04)

Returns:

a Publisher containing the delete result

Since:

4.7

getKey

@Nullable
Publisher<BsonDocument> getKey(BsonBinary id)

Finds a single key document with the given UUID (BSON binary subtype 0x04).

Parameters:

id - the data key UUID (BSON binary subtype 0x04)

Returns:

a Publisher containing the single key document or an empty publisher if there is no match

Since:

4.7

getKeys

FindPublisher<BsonDocument> getKeys()

Finds all documents in the key vault collection.

Returns:

a find publisher for the documents in the key vault collection

Since:

4.7

addKeyAltName

Publisher<BsonDocument> addKeyAltName(BsonBinary id,
 String keyAltName)

Adds a keyAltName to the keyAltNames array of the key document in the key vault collection with the given UUID.

Parameters:

id - the data key UUID (BSON binary subtype 0x04)

keyAltName - the alternative key name to add to the keyAltNames array

Returns:

a Publisher containing the previous version of the key document or an empty publisher if no match

Since:

4.7

removeKeyAltName

Publisher<BsonDocument> removeKeyAltName(BsonBinary id,
 String keyAltName)

Removes a keyAltName from the keyAltNames array of the key document in the key vault collection with the given id.

Parameters:

id - the data key UUID (BSON binary subtype 0x04)

keyAltName - the alternative key name

Returns:

a Publisher containing the previous version of the key document or an empty publisher if there is no match

Since:

4.7

getKeyByAltName

Publisher<BsonDocument> getKeyByAltName(String keyAltName)

Returns a key document in the key vault collection with the given keyAltName.

Parameters:

keyAltName - the alternative key name

Returns:

a Publisher containing the matching key document or an empty publisher if there is no match

Since:

4.7

rewrapManyDataKey

Publisher<RewrapManyDataKeyResult> rewrapManyDataKey(Bson filter)

Decrypts multiple data keys and (re-)encrypts them with the current masterKey.

Parameters:

filter - the filter

Returns:

a Publisher containing the result

Since:

4.7

rewrapManyDataKey

Publisher<RewrapManyDataKeyResult> rewrapManyDataKey(Bson filter,
 RewrapManyDataKeyOptions options)

Decrypts multiple data keys and (re-)encrypts them with a new masterKey, or with their current masterKey if a new one is not given.

Parameters:

filter - the filter

options - the options

Returns:

a Publisher containing the result

Since:

4.7

close

void close()

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable