Package com.mongodb.client.model.vault

Class RewrapManyDataKeyOptions

java.lang.Object

com.mongodb.client.model.vault.RewrapManyDataKeyOptions

public final class RewrapManyDataKeyOptions
extends Object

The rewrap many data key options

The getMasterKey() document MUST have the fields corresponding to the given provider as specified in masterKey.

Since:

4.7

Constructor Summary

Constructors

Constructor	Description
RewrapManyDataKeyOptions()

Method Summary

Modifier and Type	Method	Description
BsonDocument	getMasterKey()	Gets the master key document
String	getProvider()
RewrapManyDataKeyOptions	masterKey(BsonDocument masterKey)	Sets the optional master key document.
RewrapManyDataKeyOptions	provider(String provider)	Sets the provider name

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RewrapManyDataKeyOptions

public RewrapManyDataKeyOptions()

Method Details

provider

public RewrapManyDataKeyOptions provider(String provider)

Sets the provider name

Parameters:

provider - the provider name

Returns:

this

See Also:

• getProvider()

getProvider

@Nullable
public String getProvider()

Returns:

the provider name

masterKey

public RewrapManyDataKeyOptions masterKey(BsonDocument masterKey)

Sets the optional master key document.

Parameters:

masterKey - the master key document

Returns:

this

See Also:

• getMasterKey()

getMasterKey

@Nullable
public BsonDocument getMasterKey()

Gets the master key document

The masterKey identifies a KMS-specific key used to encrypt the new data key.

If the kmsProvider type is "aws" the master key is required and must contain the following fields:

• region: a String containing the AWS region in which to locate the master key
• key: a String containing the Amazon Resource Name (ARN) to the AWS customer master key

If the kmsProvider type is "azure" the master key is required and must contain the following fields:

• keyVaultEndpoint: a String with the host name and an optional port. Example: "example.vault.azure.net".
• keyName: a String
• keyVersion: an optional String, the specific version of the named key, defaults to using the key's primary version.

If the kmsProvider type is "gcp" the master key is required and must contain the following fields:

• projectId: a String
• location: String
• keyRing: String
• keyName: String
• keyVersion: an optional String, the specific version of the named key, defaults to using the key's primary version.
• endpoint: an optional String, with the host with optional port. Defaults to "cloudkms.googleapis.com".

If the kmsProvider type is "kmip" the master key is required and must contain the following fields:

• keyId: optional String, keyId is the KMIP Unique Identifier to a 96 byte KMIP Secret Data managed object. If keyId is omitted, the driver creates a random 96 byte KMIP Secret Data managed object.
• endpoint: a String, the endpoint as a host with required port. e.g. "example.com:443". If endpoint is not provided, it defaults to the required endpoint from the KMS providers map.

If the kmsProvider type is "local" the masterKey is not applicable.

Returns:

the master key document