Interface ClientEncryption

All Superinterfaces:
AutoCloseable, Closeable

public interface ClientEncryption extends Closeable
The Key vault.

Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.

Since:
1.12
  • Method Details

    • createDataKey

      Publisher<BsonBinary> createDataKey(String kmsProvider)
      Create a data key with the given KMS provider.

      Creates a new key document and inserts into the key vault collection.

      Parameters:
      kmsProvider - the KMS provider
      Returns:
      a Publisher containing the identifier for the created data key
    • createDataKey

      Publisher<BsonBinary> createDataKey(String kmsProvider, DataKeyOptions dataKeyOptions)
      Create a data key with the given KMS provider and options.

      Creates a new key document and inserts into the key vault collection.

      Parameters:
      kmsProvider - the KMS provider
      dataKeyOptions - the options for data key creation
      Returns:
      a Publisher containing the identifier for the created data key
    • encrypt

      Publisher<BsonBinary> encrypt(BsonValue value, EncryptOptions options)
      Encrypt the given value with the given options.

      The driver may throw an exception for prohibited BSON value types

      Parameters:
      value - the value to encrypt
      options - the options for data encryption
      Returns:
      a Publisher containing the encrypted value, a BSON binary of subtype 6
    • decrypt

      Publisher<BsonValue> decrypt(BsonBinary value)
      Decrypt the given value.
      Parameters:
      value - the value to decrypt, which must be of subtype 6
      Returns:
      a Publisher containing the decrypted value
    • deleteKey

      Removes the key document with the given data key from the key vault collection.
      Parameters:
      id - the data key UUID (BSON binary subtype 0x04)
      Returns:
      a Publisher containing the delete result
      Since:
      4.7
    • getKey

      Finds a single key document with the given UUID (BSON binary subtype 0x04).
      Parameters:
      id - the data key UUID (BSON binary subtype 0x04)
      Returns:
      a Publisher containing the single key document or an empty publisher if there is no match
      Since:
      4.7
    • getKeys

      Finds all documents in the key vault collection.
      Returns:
      a find publisher for the documents in the key vault collection
      Since:
      4.7
    • addKeyAltName

      Publisher<BsonDocument> addKeyAltName(BsonBinary id, String keyAltName)
      Adds a keyAltName to the keyAltNames array of the key document in the key vault collection with the given UUID.
      Parameters:
      id - the data key UUID (BSON binary subtype 0x04)
      keyAltName - the alternative key name to add to the keyAltNames array
      Returns:
      a Publisher containing the previous version of the key document or an empty publisher if no match
      Since:
      4.7
    • removeKeyAltName

      Publisher<BsonDocument> removeKeyAltName(BsonBinary id, String keyAltName)
      Removes a keyAltName from the keyAltNames array of the key document in the key vault collection with the given id.
      Parameters:
      id - the data key UUID (BSON binary subtype 0x04)
      keyAltName - the alternative key name
      Returns:
      a Publisher containing the previous version of the key document or an empty publisher if there is no match
      Since:
      4.7
    • getKeyByAltName

      Publisher<BsonDocument> getKeyByAltName(String keyAltName)
      Returns a key document in the key vault collection with the given keyAltName.
      Parameters:
      keyAltName - the alternative key name
      Returns:
      a Publisher containing the matching key document or an empty publisher if there is no match
      Since:
      4.7
    • rewrapManyDataKey

      Publisher<RewrapManyDataKeyResult> rewrapManyDataKey(Bson filter)
      Decrypts multiple data keys and (re-)encrypts them with the current masterKey.
      Parameters:
      filter - the filter
      Returns:
      a Publisher containing the result
      Since:
      4.7
    • rewrapManyDataKey

      Publisher<RewrapManyDataKeyResult> rewrapManyDataKey(Bson filter, RewrapManyDataKeyOptions options)
      Decrypts multiple data keys and (re-)encrypts them with a new masterKey, or with their current masterKey if a new one is not given.
      Parameters:
      filter - the filter
      options - the options
      Returns:
      a Publisher containing the result
      Since:
      4.7
    • close

      void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable