Package com.mongodb.client.vault

Interface ClientEncryption

All Superinterfaces:
AutoCloseable, Closeable
public interface ClientEncryption extends Closeable
The Key vault.

Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.

Since:
3.11

  • Method Details

    • createDataKey

      BsonBinary createDataKey(String kmsProvider)
      Create a data key with the given KMS provider.

      Creates a new key document and inserts into the key vault collection.

      Parameters:
      kmsProvider - the KMS provider
      Returns:
      the identifier for the created data key

    • createDataKey

      BsonBinary createDataKey(String kmsProvider, DataKeyOptions dataKeyOptions)
      Create a data key with the given KMS provider and options.

      Creates a new key document and inserts into the key vault collection.

      Parameters:
      kmsProvider - the KMS provider
      dataKeyOptions - the options for data key creation
      Returns:
      the identifier for the created data key

    • encrypt

      BsonBinary encrypt(BsonValue value, EncryptOptions options)
      Encrypt the given value with the given options.

      The driver may throw an exception for prohibited BSON value types

      Parameters:
      value - the value to encrypt
      options - the options for data encryption
      Returns:
      the encrypted value, a BSON binary of subtype 6

    • decrypt

      BsonValue decrypt(BsonBinary value)
      Decrypt the given value.
      Parameters:
      value - the value to decrypt, which must be of subtype 6
      Returns:
      the decrypted value

    • close

      void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable