Class AutoEncryptionSettings


  • public class AutoEncryptionSettings
    extends java.lang.Object
    The client-side automatic encryption settings. Client side encryption enables an application to specify what fields in a collection must be encrypted, and the driver automatically encrypts commands sent to MongoDB and decrypts responses.

    Automatic encryption is an enterprise-only feature that applies only to operations on a collection. Automatic encryption is not supported for operations on a database or view and will result in an error. To bypass automatic encryption, set bypassAutoEncryption=true in AutoEncryptionSettings.

    Explicit encryption/decryption and automatic decryption are community features, enabled with the new com.mongodb.client.vault.ClientEncryption type.

    A MongoClient configured with bypassAutoEncryption=true will still automatically decrypt.

    If automatic encryption fails on an operation, use a MongoClient configured with bypassAutoEncryption=true and use ClientEncryption#encrypt to manually encrypt values.

    Enabling client side encryption reduces the maximum document and message size (using a maxBsonObjectSize of 2MiB and maxMessageSizeBytes of 6MB) and may have a negative performance impact.

    Automatic encryption requires the authenticated user to have the listCollections privilege action.

    Since:
    3.11
    • Constructor Detail

      • AutoEncryptionSettings

        public AutoEncryptionSettings()
      • AutoEncryptionSettings

        public AutoEncryptionSettings(JsonObject json)
    • Method Detail

      • setKeyVaultNamespace

        public AutoEncryptionSettings setKeyVaultNamespace(java.lang.String keyVaultNamespace)
        Sets the key vault namespace.
        Parameters:
        keyVaultNamespace - the key vault namespace, which may not be null
        Returns:
        this
        See Also:
        getKeyVaultNamespace()
      • getKeyVaultNamespace

        public java.lang.String getKeyVaultNamespace()
        Gets the key vault namespace.

        The key vault namespace refers to a collection that contains all data keys used for encryption and decryption (aka the key vault collection). Data keys are stored as documents in a special MongoDB collection. Data keys are protected with encryption by a KMS provider (AWS KMS or a local master key).

        Returns:
        the key vault namespace, which may not be null
      • setSchemaMap

        public AutoEncryptionSettings setSchemaMap(java.util.Map<java.lang.String,JsonObject> schemaMap)
        Sets the map from namespace to local schema document.
        Parameters:
        schemaMap - the map from namespace to local schema document
        Returns:
        this
        See Also:
        getSchemaMap()
      • getSchemaMap

        public java.util.Map<java.lang.String,JsonObject> getSchemaMap()
      • setBypassAutoEncryption

        public AutoEncryptionSettings setBypassAutoEncryption(java.lang.Boolean bypassAutoEncryption)
        Sets whether auto-encryption should be bypassed.
        Parameters:
        bypassAutoEncryption - whether auto-encryption should be bypassed
        Returns:
        this
        See Also:
        isBypassAutoEncryption()
      • isBypassAutoEncryption

        public java.lang.Boolean isBypassAutoEncryption()
        Gets whether auto-encryption should be bypassed. Even when this option is true, auto-decryption is still enabled.

        This option is useful for cases where the driver throws an exception because it is unable to prove that the command does not contain any fields that should be automatically encrypted, but the application is able to determine that it does not. For these cases, the application can construct a MongoClient with AutoEncryptionSettings with bypassAutoEncryption enabled.

        Returns:
        true if auto-encryption should be bypassed
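
The following is an added example, not part of this Javadoc or the project's own code: a pre-flight check that uses only the getters documented above to catch settings that would silently leave fields unencrypted. It assumes the class lives in io.vertx.ext.mongo and that JsonObject is io.vertx.core.json.JsonObject; the AutoEncryptionAudit class, its helper methods, and the sample namespaces and schema are constructed for illustration.

```java
import io.vertx.core.json.JsonObject;
import io.vertx.ext.mongo.AutoEncryptionSettings; // package name is an assumption
import java.util.*;
public class AutoEncryptionAudit {
  // A namespace is "<database>.<collection>"; the collection part may contain further dots.
  static boolean isNamespace(String ns) {
    int dot = ns == null ? -1 : ns.indexOf('.');
    return dot > 0 && dot < ns.length() - 1;
  }

  // True if a key named "encrypt" (the JSON Schema encryption keyword) occurs at any depth.
  static boolean declaresEncryptedField(JsonObject schema) {
    for (Map.Entry<String, Object> e : schema) {
      if ("encrypt".equals(e.getKey())) return true;
      if (e.getValue() instanceof JsonObject && declaresEncryptedField((JsonObject) e.getValue())) return true;
    }
    return false;
  }

  // Returns one finding per problem; an empty list means every check passed.
  static List<String> audit(AutoEncryptionSettings s) {
    List<String> findings = new ArrayList<>();
    if (!isNamespace(s.getKeyVaultNamespace()))
      findings.add("keyVaultNamespace is not <database>.<collection>: " + s.getKeyVaultNamespace());
    Map<String, JsonObject> schemas = s.getSchemaMap();
    if (schemas == null) schemas = Collections.emptyMap();
    for (Map.Entry<String, JsonObject> e : schemas.entrySet()) {
      if (!isNamespace(e.getKey()))
        findings.add("schemaMap key is not a collection namespace: " + e.getKey());
      if (e.getValue() == null || !declaresEncryptedField(e.getValue()))
        findings.add("schema for " + e.getKey() + " marks no field for encryption");
    }
    if (Boolean.TRUE.equals(s.isBypassAutoEncryption()))
      findings.add("bypassAutoEncryption=true: the driver will not auto-encrypt; use ClientEncryption#encrypt");
    return findings;
  }

  public static void main(String[] args) {
    // Constructed sample values; the keyId is a placeholder, not a real data key id.
    JsonObject ssn = new JsonObject().put("encrypt", new JsonObject()
        .put("bsonType", "string").put("keyId", "<DATA_KEY_ID_PLACEHOLDER>")
        .put("algorithm", "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"));
    Map<String, JsonObject> schemaMap = new HashMap<>();
    schemaMap.put("patients", new JsonObject().put("bsonType", "object")
        .put("properties", new JsonObject().put("ssn", ssn))); // key lacks the database part
    AutoEncryptionSettings settings = new AutoEncryptionSettings()
        .setKeyVaultNamespace("encryption.__keyVault").setSchemaMap(schemaMap).setBypassAutoEncryption(true);
    audit(settings).forEach(System.out::println);
  }
}
```

With the sample input, the check reports the schema map key that lacks a database name and the enabled bypass flag, two conditions under which the ssn field would be written in plaintext.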