Class DataKeyOptions

java.lang.Object
com.mongodb.client.model.vault.DataKeyOptions

public class DataKeyOptions extends Object
The options for creating a data key.
Since:
3.11
  • Constructor Details

    • DataKeyOptions

      public DataKeyOptions()
  • Method Details

    • keyAltNames

      public DataKeyOptions keyAltNames(List<String> keyAltNames)
      Set the alternate key names.
      Parameters:
      keyAltNames - a list of alternate key names
      Returns:
      this
    • masterKey

      public DataKeyOptions masterKey(BsonDocument masterKey)
      Sets the master key document.
      Parameters:
      masterKey - the master key document
      Returns:
      this
    • keyMaterial

      public DataKeyOptions keyMaterial(byte[] keyMaterial)
      Sets the key material.

      An optional BinData of 96 bytes to use as custom key material for the data key being created. If set, the custom key material is used for encrypting and decrypting data. Otherwise, the key material for the new data key is generated from a cryptographically secure random device.

      Parameters:
      keyMaterial - the optional custom key material for the data key
      Returns:
      this
      Since:
      4.7
    • getKeyAltNames

      @Nullable public List<String> getKeyAltNames()
      Gets the alternate key names.

      An optional list of alternate names used to reference a key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.

      Returns:
      the list of alternate key names
    • getMasterKey

      @Nullable public BsonDocument getMasterKey()
      Gets the master key document.

      The masterKey identifies a KMS-specific key used to encrypt the new data key.

      If the kmsProvider type is "aws" the master key is required and must contain the following fields:

      • region: a String containing the AWS region in which to locate the master key
      • key: a String containing the Amazon Resource Name (ARN) to the AWS customer master key

      If the kmsProvider type is "azure" the master key is required and must contain the following fields:

      • keyVaultEndpoint: a String with the host name and an optional port. Example: "example.vault.azure.net".
      • keyName: a String
      • keyVersion: an optional String, the specific version of the named key; defaults to using the key's primary version.

      If the kmsProvider type is "gcp" the master key is required and must contain the following fields:

      • projectId: a String
      • location: a String
      • keyRing: a String
      • keyName: a String
      • keyVersion: an optional String, the specific version of the named key; defaults to using the key's primary version.
      • endpoint: an optional String, the host with an optional port. Defaults to "cloudkms.googleapis.com".

      If the kmsProvider type is "kmip" the master key is required and must contain the following fields:

      • keyId: optional String, keyId is the KMIP Unique Identifier to a 96 byte KMIP Secret Data managed object. If keyId is omitted, the driver creates a random 96 byte KMIP Secret Data managed object.
      • endpoint: a String, the endpoint as a host with required port. e.g. "example.com:443". If endpoint is not provided, it defaults to the required endpoint from the KMS providers map.
      • delegated: If true (recommended), the KMIP server will perform encryption and decryption. If delegated is not provided, defaults to false.

      If the kmsProvider type is "local" the masterKey is not applicable.

      Returns:
      the master key document
    • getKeyMaterial

      @Nullable public byte[] getKeyMaterial()
      Gets the custom key material if set.

      The optional BinData of 96 bytes to use as custom key material for the data key being created. If set, the custom key material is used for encrypting and decrypting data. Otherwise, the key material for the new data key is generated from a cryptographically secure random device.

      Returns:
      the custom key material for the data key or null
      Since:
      4.7
    • toString

      public String toString()
      Overrides:
      toString in class Object
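
The per-provider masterKey fields and the 96-byte keyMaterial rule described above can be checked before the options are built. This is an added example, not code from the driver or its documentation; the class name, the build helper and the sample region and ARN are hypothetical, and rejecting a masterKey for "local" is this helper's own policy.

```java
import com.mongodb.client.model.vault.DataKeyOptions;
import org.bson.BsonDocument;
import org.bson.BsonString;
import java.util.List;
import java.util.Map;

public class DataKeyOptionsExample {
    // Required String fields per kmsProvider, taken from the getMasterKey() lists.
    // For "kmip" every listed field (keyId, endpoint, delegated) is optional.
    static final Map<String, List<String>> REQUIRED = Map.of(
            "aws", List.of("region", "key"),
            "azure", List.of("keyVaultEndpoint", "keyName"),
            "gcp", List.of("projectId", "location", "keyRing", "keyName"),
            "kmip", List.of());

    // Hypothetical helper: validates the inputs, then fills in DataKeyOptions.
    static DataKeyOptions build(String kmsProvider, BsonDocument masterKey,
                                List<String> keyAltNames, byte[] keyMaterial) {
        DataKeyOptions options = new DataKeyOptions();
        if ("local".equals(kmsProvider)) {
            if (masterKey != null) { // not applicable to "local"; rejected by this helper
                throw new IllegalArgumentException("masterKey does not apply to \"local\"");
            }
        } else {
            List<String> required = REQUIRED.get(kmsProvider);
            if (required == null || masterKey == null) {
                throw new IllegalArgumentException("unknown provider or missing masterKey");
            }
            for (String field : required) {
                if (!masterKey.isString(field)) {
                    throw new IllegalArgumentException("masterKey needs String field " + field);
                }
            }
            options.masterKey(masterKey);
        }
        // Custom key material must be exactly 96 bytes; null keeps the random default.
        if (keyMaterial != null && keyMaterial.length != 96) {
            throw new IllegalArgumentException("keyMaterial must be 96 bytes");
        }
        if (keyMaterial != null) options.keyMaterial(keyMaterial);
        if (keyAltNames != null) options.keyAltNames(keyAltNames);
        return options;
    }

    public static void main(String[] args) {
        // Constructed sample values: placeholder region and ARN.
        BsonDocument awsKey = new BsonDocument("region", new BsonString("us-east-1"))
                .append("key", new BsonString("arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"));
        System.out.println(build("aws", awsKey, List.of("example-key"), null));
    }
}
```

Passing null for keyMaterial, as main does, leaves key generation to the cryptographically secure random device described under keyMaterial.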