Class DataKeyOptions
- Since:
- 3.11
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionGets the alternate key names.byte[]
Gets the custom key material if set.Gets the master key documentkeyAltNames
(List<String> keyAltNames) Set the alternate key names.keyMaterial
(byte[] keyMaterial) Sets the key materialmasterKey
(BsonDocument masterKey) Sets the master key document.toString()
-
Constructor Details
-
DataKeyOptions
public DataKeyOptions()
-
-
Method Details
-
keyAltNames
Set the alternate key names.- Parameters:
keyAltNames
- a list of alternate key names- Returns:
- this
- See Also:
-
masterKey
Sets the master key document.- Parameters:
masterKey
- the master key document- Returns:
- this
- See Also:
-
keyMaterial
Sets the key materialAn optional BinData of 96 bytes to use as custom key material for the data key being created. If set the custom key material is used for encrypting and decrypting data. Otherwise, the key material for the new data key is generated from a cryptographically secure random device.
- Parameters:
keyMaterial
- the optional custom key material for the data key- Returns:
- this
- Since:
- 4.7
- See Also:
-
getKeyAltNames
Gets the alternate key names.An optional list of alternate names used to reference a key. If a key is created with alternate names, then encryption may refer to the key by the unique alternate name instead of by _id.
- Returns:
- the list of alternate key names
-
getMasterKey
Gets the master key documentThe masterKey identifies a KMS-specific key used to encrypt the new data key.
If the kmsProvider type is "aws" the master key is required and must contain the following fields:
- region: a String containing the AWS region in which to locate the master key
- key: a String containing the Amazon Resource Name (ARN) to the AWS customer master key
If the kmsProvider type is "azure" the master key is required and must contain the following fields:
- keyVaultEndpoint: a String with the host name and an optional port. Example: "example.vault.azure.net".
- keyName: a String
- keyVersion: an optional String, the specific version of the named key, defaults to using the key's primary version.
If the kmsProvidertype type is "gcp" the master key is required and must contain the following fields:
- projectId: a String
- location: String
- keyRing: String
- keyName: String
- keyVersion: an optional String, the specific version of the named key, defaults to using the key's primary version.
- endpoint: an optional String, with the host with optional port. Defaults to "cloudkms.googleapis.com".
If the kmsProvider type is "kmip" the master key is required and must contain the following fields:
- keyId: optional String, keyId is the KMIP Unique Identifier to a 96 byte KMIP Secret Data managed object. If keyId is omitted, the driver creates a random 96 byte KMIP Secret Data managed object.
- endpoint: a String, the endpoint as a host with required port. e.g. "example.com:443". If endpoint is not provided, it defaults to the required endpoint from the KMS providers map.
- delegated: If true (recommended), the KMIP server will perform encryption and decryption. If delegated is not provided, defaults to false.
If the kmsProvider type is "local" the masterKey is not applicable.
- Returns:
- the master key document
-
getKeyMaterial
Gets the custom key material if set.The optional BinData of 96 bytes to use as custom key material for the data key being created. If set the custom key material is used for encrypting and decrypting data. Otherwise, the key material for the new data key is generated from a cryptographically secure random device.
- Returns:
- the custom key material for the data key or null
- Since:
- 4.7
-
toString
-