/*
* Copyright 2008-present MongoDB, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.mongodb.async.client.vault;
import com.mongodb.annotations.Beta;
import com.mongodb.async.SingleResultCallback;
import com.mongodb.client.model.vault.DataKeyOptions;
import com.mongodb.client.model.vault.EncryptOptions;
import org.bson.BsonBinary;
import org.bson.BsonValue;
import java.io.Closeable;
The Key vault.
Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.
Note: support for client-side encryption is in beta. Backwards-breaking changes may be made before the final release.
Since: 3.11
/**
* The Key vault.
* <p>
* Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.
* </p>
* <p>
* Note: support for client-side encryption is in beta. Backwards-breaking changes may be made before the final release.
* </p>
* @since 3.11
*/
@Beta
public interface ClientEncryption extends Closeable {
Create a data key with the given KMS provider.
Creates a new key document and inserts into the key vault collection.
Params: - kmsProvider – the KMS provider
- callback – the callback containing the identifier for the created data key
/**
* Create a data key with the given KMS provider.
*
* <p>
* Creates a new key document and inserts into the key vault collection.
* </p>
*
* @param kmsProvider the KMS provider
* @param callback the callback containing the identifier for the created data key
*/
void createDataKey(String kmsProvider, SingleResultCallback<BsonBinary> callback);
Create a data key with the given KMS provider and options.
Creates a new key document and inserts into the key vault collection.
Params: - kmsProvider – the KMS provider
- dataKeyOptions – the options for data key creation
- callback – the callback containing the identifier for the created data key
/**
* Create a data key with the given KMS provider and options.
*
* <p>
* Creates a new key document and inserts into the key vault collection.
* </p>
*
* @param kmsProvider the KMS provider
* @param dataKeyOptions the options for data key creation
* @param callback the callback containing the identifier for the created data key
*/
void createDataKey(String kmsProvider, DataKeyOptions dataKeyOptions, SingleResultCallback<BsonBinary> callback);
Encrypt the given value with the given options.
The driver may throw an exception for prohibited BSON value types
Params: - value – the value to encrypt
- options – the options for data encryption
- callback – the callback containing the encrypted value, a BSON binary of subtype 6
/**
* Encrypt the given value with the given options.
* <p>
* The driver may throw an exception for prohibited BSON value types
* </p>
*
* @param value the value to encrypt
* @param options the options for data encryption
* @param callback the callback containing the encrypted value, a BSON binary of subtype 6
*/
void encrypt(BsonValue value, EncryptOptions options, SingleResultCallback<BsonBinary> callback);
Decrypt the given value.
Params: - value – the value to decrypt, which must be of subtype 6
- callback – the callback containing the decrypted value
/**
* Decrypt the given value.
*
* @param value the value to decrypt, which must be of subtype 6
* @param callback the callback containing the decrypted value
*/
void decrypt(BsonBinary value, SingleResultCallback<BsonValue> callback);
@Override
void close();
}