Package com.mongodb.client.vault

Interface ClientEncryption

All Superinterfaces:

AutoCloseable, Closeable

public interface ClientEncryption
extends Closeable

The Key vault.

Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.

Since:

3.11

Method Summary

Modifier and Type	Method	Description
BsonDocument	addKeyAltName(BsonBinary id, String keyAltName)	Adds a keyAltName to the keyAltNames array of the key document in the key vault collection with the given UUID.
void	close()
BsonBinary	createDataKey(String kmsProvider)	Create a data key with the given KMS provider.
BsonBinary	createDataKey(String kmsProvider, DataKeyOptions dataKeyOptions)	Create a data key with the given KMS provider and options.
BsonValue	decrypt(BsonBinary value)	Decrypt the given value.
DeleteResult	deleteKey(BsonBinary id)	Removes the key document with the given data key from the key vault collection.
BsonBinary	encrypt(BsonValue value, EncryptOptions options)	Encrypt the given value with the given options.
BsonDocument	getKey(BsonBinary id)	Finds a single key document with the given UUID (BSON binary subtype 0x04).
BsonDocument	getKeyByAltName(String keyAltName)	Returns a key document in the key vault collection with the given keyAltName.
FindIterable<BsonDocument>	getKeys()	Finds all documents in the key vault collection.
BsonDocument	removeKeyAltName(BsonBinary id, String keyAltName)	Removes a keyAltName from the keyAltNames array of the key document in the key vault collection with the given id.
RewrapManyDataKeyResult	rewrapManyDataKey(Bson filter)	Decrypts multiple data keys and (re-)encrypts them with the current masterKey.
RewrapManyDataKeyResult	rewrapManyDataKey(Bson filter, RewrapManyDataKeyOptions options)	Decrypts multiple data keys and (re-)encrypts them with a new masterKey, or with their current masterKey if a new one is not given.

Method Details

createDataKey

BsonBinary createDataKey(String kmsProvider)

Create a data key with the given KMS provider.

Creates a new key document and inserts into the key vault collection.

Parameters:

kmsProvider - the KMS provider

Returns:

the identifier for the created data key

createDataKey

BsonBinary createDataKey(String kmsProvider,
 DataKeyOptions dataKeyOptions)

Create a data key with the given KMS provider and options.

Creates a new key document and inserts into the key vault collection.

Parameters:

kmsProvider - the KMS provider

dataKeyOptions - the options for data key creation

Returns:

the identifier for the created data key

encrypt

BsonBinary encrypt(BsonValue value,
 EncryptOptions options)

Encrypt the given value with the given options.

The driver may throw an exception for prohibited BSON value types

Parameters:

value - the value to encrypt

options - the options for data encryption

Returns:

the encrypted value, a BSON binary of subtype 6

decrypt

BsonValue decrypt(BsonBinary value)

Decrypt the given value.

Parameters:

value - the value to decrypt, which must be of subtype 6

Returns:

the decrypted value

deleteKey

DeleteResult deleteKey(BsonBinary id)

Removes the key document with the given data key from the key vault collection.

Parameters:

id - the data key UUID (BSON binary subtype 0x04)

Returns:

the result

Since:

4.7

getKey

@Nullable
BsonDocument getKey(BsonBinary id)

Finds a single key document with the given UUID (BSON binary subtype 0x04).

Parameters:

id - the data key UUID (BSON binary subtype 0x04)

Returns:

the single key document or null if there is no match

Since:

4.7

getKeys

FindIterable<BsonDocument> getKeys()

Finds all documents in the key vault collection.

Returns:

a find iterable for the documents in the key vault collection

Since:

4.7

addKeyAltName

@Nullable
BsonDocument addKeyAltName(BsonBinary id,
 String keyAltName)

Adds a keyAltName to the keyAltNames array of the key document in the key vault collection with the given UUID.

Parameters:

id - the data key UUID (BSON binary subtype 0x04)

keyAltName - the alternative key name to add to the keyAltNames array

Returns:

the previous version of the key document or null if no match

Since:

4.7

removeKeyAltName

@Nullable
BsonDocument removeKeyAltName(BsonBinary id,
 String keyAltName)

Removes a keyAltName from the keyAltNames array of the key document in the key vault collection with the given id.

Parameters:

id - the data key UUID (BSON binary subtype 0x04)

keyAltName - the alternative key name

Returns:

the previous version of the key document or null if no match

Since:

4.7

getKeyByAltName

@Nullable
BsonDocument getKeyByAltName(String keyAltName)

Returns a key document in the key vault collection with the given keyAltName.

Parameters:

keyAltName - the alternative key name

Returns:

a matching key document or null

Since:

4.7

rewrapManyDataKey

RewrapManyDataKeyResult rewrapManyDataKey(Bson filter)

Decrypts multiple data keys and (re-)encrypts them with the current masterKey.

Parameters:

filter - the filter

Returns:

the result

Since:

4.7

rewrapManyDataKey

RewrapManyDataKeyResult rewrapManyDataKey(Bson filter,
 RewrapManyDataKeyOptions options)

Decrypts multiple data keys and (re-)encrypts them with a new masterKey, or with their current masterKey if a new one is not given.

Parameters:

filter - the filter

options - the options

Returns:

the result

Since:

4.7

close

void close()

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable