Interface ClientEncryption

  • All Superinterfaces:
    AutoCloseable, Closeable

    @Beta
    public interface ClientEncryption
    extends Closeable
    The Key vault.

    Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.

    Note: support for client-side encryption is in beta. Backwards-breaking changes may be made before the final release.

    Since:
    3.11
    • Method Detail

      • createDataKey

        void createDataKey​(String kmsProvider,
                           SingleResultCallback<BsonBinary> callback)
        Create a data key with the given KMS provider.

        Creates a new key document and inserts into the key vault collection.

        Parameters:
        kmsProvider - the KMS provider
        callback - the callback containing the identifier for the created data key
      • createDataKey

        void createDataKey​(String kmsProvider,
                           DataKeyOptions dataKeyOptions,
                           SingleResultCallback<BsonBinary> callback)
        Create a data key with the given KMS provider and options.

        Creates a new key document and inserts into the key vault collection.

        Parameters:
        kmsProvider - the KMS provider
        dataKeyOptions - the options for data key creation
        callback - the callback containing the identifier for the created data key
      • encrypt

        void encrypt​(BsonValue value,
                     EncryptOptions options,
                     SingleResultCallback<BsonBinary> callback)
        Encrypt the given value with the given options.

        The driver may throw an exception for prohibited BSON value types

        Parameters:
        value - the value to encrypt
        options - the options for data encryption
        callback - the callback containing the encrypted value, a BSON binary of subtype 6
      • decrypt

        void decrypt​(BsonBinary value,
                     SingleResultCallback<BsonValue> callback)
        Decrypt the given value.
        Parameters:
        value - the value to decrypt, which must be of subtype 6
        callback - the callback containing the decrypted value