Class RewrapManyDataKeyOptions

java.lang.Object
com.mongodb.client.model.vault.RewrapManyDataKeyOptions

public final class RewrapManyDataKeyOptions extends Object
The options for rewrapping many data keys.

The getMasterKey() document MUST have the fields corresponding to the given provider as specified in masterKey.

Since:
4.7
  • Constructor Details

    • RewrapManyDataKeyOptions

      public RewrapManyDataKeyOptions()
  • Method Details

    • provider

      public RewrapManyDataKeyOptions provider(String provider)
      Sets the provider name.
      Parameters:
      provider - the provider name
      Returns:
      this
    • getProvider

      @Nullable public String getProvider()
      Returns:
      the provider name
    • masterKey

      public RewrapManyDataKeyOptions masterKey(BsonDocument masterKey)
      Sets the optional master key document.
      Parameters:
      masterKey - the master key document
      Returns:
      this
    • getMasterKey

      @Nullable public BsonDocument getMasterKey()
      Gets the master key document.

      The masterKey identifies a KMS-specific key used to encrypt the new data key.

      If the kmsProvider type is "aws" the master key is required and must contain the following fields:

      • region: a String containing the AWS region in which to locate the master key
      • key: a String containing the Amazon Resource Name (ARN) to the AWS customer master key

      If the kmsProvider type is "azure" the master key is required and must contain the following fields:

      • keyVaultEndpoint: a String with the host name and an optional port. Example: "example.vault.azure.net".
      • keyName: a String
      • keyVersion: an optional String, the specific version of the named key, defaults to using the key's primary version.

      If the kmsProvider type is "gcp" the master key is required and must contain the following fields:

      • projectId: a String
      • location: a String
      • keyRing: a String
      • keyName: a String
      • keyVersion: an optional String, the specific version of the named key, defaults to using the key's primary version.
      • endpoint: an optional String, the host with an optional port. Defaults to "cloudkms.googleapis.com".

      If the kmsProvider type is "kmip" the master key is required and must contain the following fields:

      • keyId: an optional String, the KMIP Unique Identifier of a 96-byte KMIP Secret Data managed object. If keyId is omitted, the driver creates a random 96-byte KMIP Secret Data managed object.
      • endpoint: a String, the endpoint as a host with required port. e.g. "example.com:443". If endpoint is not provided, it defaults to the required endpoint from the KMS providers map.

      If the kmsProvider type is "local" the masterKey is not applicable.

      Returns:
      the master key document
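
The per-provider field requirements listed under getMasterKey(), expressed as a check that can run before the options are passed to a rewrap call. This is an added example, not part of the driver or its documentation: MasterKeyCheck and problems() are hypothetical names, the sample values are constructed, and only the required String fields named on this page are checked.

```java
import com.mongodb.client.model.vault.RewrapManyDataKeyOptions;
import org.bson.BsonDocument;
import org.bson.BsonString;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Added example: MasterKeyCheck and problems() are hypothetical helpers, not driver API.
public final class MasterKeyCheck {
    // Required (non-optional) masterKey fields per provider, as listed for getMasterKey().
    private static final Map<String, List<String>> REQUIRED = Map.of(
            "aws", List.of("region", "key"),
            "azure", List.of("keyVaultEndpoint", "keyName"),
            "gcp", List.of("projectId", "location", "keyRing", "keyName"),
            "kmip", List.<String>of()); // keyId is optional; endpoint has a documented default

    // Returns the problems found; an empty list means the options match the documented shape.
    static List<String> problems(RewrapManyDataKeyOptions options) {
        List<String> found = new ArrayList<>();
        String provider = options.getProvider();
        BsonDocument masterKey = options.getMasterKey();
        if (provider == null || provider.equals("local")) {
            if (masterKey != null) found.add("masterKey does not apply when provider is " + provider);
            return found;
        }
        List<String> required = REQUIRED.get(provider);
        if (required == null) { found.add("provider type not listed on this page: " + provider); return found; }
        if (masterKey == null) { found.add("masterKey is required for " + provider); return found; }
        for (String field : required) {
            if (!masterKey.containsKey(field) || !masterKey.get(field).isString()) {
                found.add("missing or non-String field: " + field);
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample values; the ARN below is a placeholder, not a real key.
        RewrapManyDataKeyOptions ok = new RewrapManyDataKeyOptions().provider("aws")
                .masterKey(new BsonDocument("region", new BsonString("us-east-1"))
                        .append("key", new BsonString("arn:aws:kms:us-east-1:000000000000:key/EXAMPLE")));
        RewrapManyDataKeyOptions bad = new RewrapManyDataKeyOptions().provider("gcp")
                .masterKey(new BsonDocument("projectId", new BsonString("example-project")));
        System.out.println("aws: " + problems(ok));   // no problems reported
        System.out.println("gcp: " + problems(bad));  // location, keyRing and keyName reported
    }
}
```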