/*
 * Copyright 2008-present MongoDB, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.mongodb.async.client.vault;

import com.mongodb.annotations.Beta;
import com.mongodb.async.SingleResultCallback;
import com.mongodb.client.model.vault.DataKeyOptions;
import com.mongodb.client.model.vault.EncryptOptions;
import org.bson.BsonBinary;
import org.bson.BsonValue;

import java.io.Closeable;

/**
 * The Key vault.
 * <p>
 * Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.
 * </p>
 * <p>
 * Note: support for client-side encryption is in beta. Backwards-breaking changes may be made before the final release.
 * </p>
 * @since 3.11
 */
@Beta
public interface ClientEncryption extends Closeable {

    /**
     * Create a data key with the given KMS provider.
     *
     * <p>
     * Creates a new key document and inserts it into the key vault collection.
     * </p>
     *
     * @param kmsProvider the KMS provider
     * @param callback    the callback containing the identifier for the created data key
     */
    void createDataKey(String kmsProvider, SingleResultCallback<BsonBinary> callback);

    /**
     * Create a data key with the given KMS provider and options.
     *
     * <p>
     * Creates a new key document and inserts it into the key vault collection.
     * </p>
     *
     * @param kmsProvider    the KMS provider
     * @param dataKeyOptions the options for data key creation
     * @param callback       the callback containing the identifier for the created data key
     */
    void createDataKey(String kmsProvider, DataKeyOptions dataKeyOptions, SingleResultCallback<BsonBinary> callback);

    /**
     * Encrypt the given value with the given options.
     * <p>
     * The driver may throw an exception for prohibited BSON value types.
     * </p>
     *
     * @param value    the value to encrypt
     * @param options  the options for data encryption
     * @param callback the callback containing the encrypted value, a BSON binary of subtype 6
     */
    void encrypt(BsonValue value, EncryptOptions options, SingleResultCallback<BsonBinary> callback);

    /**
     * Decrypt the given value.
     *
     * @param value    the value to decrypt, which must be of subtype 6
     * @param callback the callback containing the decrypted value
     */
    void decrypt(BsonBinary value, SingleResultCallback<BsonValue> callback);

    @Override
    void close();
}
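
A round trip through the interface above (create a data key, encrypt, check the subtype 6 result, decrypt), written as an added example that is not part of the driver source. Assumptions: a mongod reachable at `mongodb://localhost:27017`, the driver's encryption dependency on the classpath, the `local` KMS provider with a throwaway master key, and the constructed class name, namespace and sample value.

```java
import com.mongodb.ClientEncryptionSettings;
import com.mongodb.ConnectionString;
import com.mongodb.MongoClientSettings;
import com.mongodb.async.client.vault.ClientEncryption;
import com.mongodb.async.client.vault.ClientEncryptions;
import com.mongodb.client.model.vault.EncryptOptions;
import org.bson.BsonString;

import java.security.SecureRandom;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.CountDownLatch;

public final class ExplicitEncryptionExample { // hypothetical class name
    public static void main(String[] args) throws InterruptedException {
        // Assumption: throwaway 96-byte master key for the "local" KMS provider (testing only).
        byte[] localMasterKey = new byte[96];
        new SecureRandom().nextBytes(localMasterKey);
        Map<String, Map<String, Object>> kmsProviders = Collections.singletonMap(
                "local", Collections.<String, Object>singletonMap("key", localMasterKey));

        ClientEncryption vault = ClientEncryptions.create(ClientEncryptionSettings.builder()
                .keyVaultMongoClientSettings(MongoClientSettings.builder()
                        .applyConnectionString(new ConnectionString("mongodb://localhost:27017")).build())
                .keyVaultNamespace("encryption.__keyVault") // assumed namespace
                .kmsProviders(kmsProviders)
                .build());

        CountDownLatch done = new CountDownLatch(1);
        vault.createDataKey("local", (keyId, keyErr) -> {
            if (keyErr != null) { fail(keyErr, done); return; }
            EncryptOptions opts = new EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Random").keyId(keyId);
            vault.encrypt(new BsonString("123-45-6789"), opts, (cipher, encErr) -> { // constructed sample value
                if (encErr != null) { fail(encErr, done); return; }
                // Guard: decrypt only accepts BSON binaries of subtype 6.
                if (cipher.getType() != 6) { fail(new IllegalStateException("not subtype 6"), done); return; }
                vault.decrypt(cipher, (plain, decErr) -> {
                    if (decErr != null) { fail(decErr, done); return; }
                    System.out.println("round trip ok: " + plain.asString().getValue().equals("123-45-6789"));
                    done.countDown();
                });
            });
        });
        done.await();  // callbacks run on driver threads; wait before closing
        vault.close();
    }
    private static void fail(Throwable t, CountDownLatch done) { t.printStackTrace(); done.countDown(); }
}
```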