Package com.mongodb.client.vault
Interface ClientEncryption
-
- All Superinterfaces:
AutoCloseable
,Closeable
@Beta public interface ClientEncryption extends Closeable
The Key vault.Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.
Note: support for client-side encryption should be considered as beta. Backwards-breaking changes may be made before the final release.
- Since:
- 3.11
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
close()
BsonBinary
createDataKey(String kmsProvider)
Create a data key with the given KMS provider.BsonBinary
createDataKey(String kmsProvider, DataKeyOptions dataKeyOptions)
Create a data key with the given KMS provider and options.BsonValue
decrypt(BsonBinary value)
Decrypt the given value.BsonBinary
encrypt(BsonValue value, EncryptOptions options)
Encrypt the given value with the given options.
-
-
-
Method Detail
-
createDataKey
BsonBinary createDataKey(String kmsProvider)
Create a data key with the given KMS provider.Creates a new key document and inserts into the key vault collection.
- Parameters:
kmsProvider
- the KMS provider- Returns:
- the identifier for the created data key
-
createDataKey
BsonBinary createDataKey(String kmsProvider, DataKeyOptions dataKeyOptions)
Create a data key with the given KMS provider and options.Creates a new key document and inserts into the key vault collection.
- Parameters:
kmsProvider
- the KMS providerdataKeyOptions
- the options for data key creation- Returns:
- the identifier for the created data key
-
encrypt
BsonBinary encrypt(BsonValue value, EncryptOptions options)
Encrypt the given value with the given options.The driver may throw an exception for prohibited BSON value types
- Parameters:
value
- the value to encryptoptions
- the options for data encryption- Returns:
- the encrypted value, a BSON binary of subtype 6
-
decrypt
BsonValue decrypt(BsonBinary value)
Decrypt the given value.- Parameters:
value
- the value to decrypt, which must be of subtype 6- Returns:
- the decrypted value
-
close
void close()
- Specified by:
close
in interfaceAutoCloseable
- Specified by:
close
in interfaceCloseable
-
-