Package io.vertx.mongo.client.vault

Interface ClientEncryption

  • public interface ClientEncryption
    The Key vault.

    Used to create data encryption keys, and to explicitly encrypt and decrypt values when auto-encryption is not an option.

    Note: support for client-side encryption should be considered as beta. Backwards-breaking changes may be made before the final release.

    Since:
    1.12

    • Method Detail

      • createDataKey

        Future<byte[]> createDataKey​(java.lang.String kmsProvider)
        Create a data key with the given KMS provider.

        Creates a new key document and inserts into the key vault collection.

        Parameters:
        kmsProvider - the KMS provider
        Returns:
        a future containing the identifier for the created data key

      • createDataKey

        void createDataKey​(java.lang.String kmsProvider,
                   Handler<AsyncResult<byte[]>> resultHandler)
        Create a data key with the given KMS provider.

        Creates a new key document and inserts into the key vault collection.

        Parameters:
        kmsProvider - the KMS provider
        resultHandler - an async result containing the identifier for the created data key

      • createDataKey

        Future<byte[]> createDataKey​(java.lang.String kmsProvider,
                             DataKeyOptions dataKeyOptions)
        Create a data key with the given KMS provider and options.

        Creates a new key document and inserts into the key vault collection.

        Parameters:
        kmsProvider - the KMS provider
        dataKeyOptions - the options for data key creation
        Returns:
        a future containing the identifier for the created data key

      • createDataKey

        void createDataKey​(java.lang.String kmsProvider,
                   DataKeyOptions dataKeyOptions,
                   Handler<AsyncResult<byte[]>> resultHandler)
        Create a data key with the given KMS provider and options.

        Creates a new key document and inserts into the key vault collection.

        Parameters:
        kmsProvider - the KMS provider
        dataKeyOptions - the options for data key creation
        resultHandler - an async result containing the identifier for the created data key

      • encrypt

        Future<byte[]> encrypt​(java.lang.Object value,
                       EncryptOptions options)
        Encrypt the given value with the given options.

        The driver may throw an exception for prohibited BSON value types

        Parameters:
        value - the value to encrypt
        options - the options for data encryption
        Returns:
        a future containing the encrypted value, a BSON binary of subtype 6

      • encrypt

        void encrypt​(java.lang.Object value,
             EncryptOptions options,
             Handler<AsyncResult<byte[]>> resultHandler)
        Encrypt the given value with the given options.

        The driver may throw an exception for prohibited BSON value types

        Parameters:
        value - the value to encrypt
        options - the options for data encryption
        resultHandler - an async result containing the encrypted value, a BSON binary of subtype 6

      • decrypt

        Future<java.lang.Object> decrypt​(byte[] value)
        Decrypt the given value.
        Parameters:
        value - the value to decrypt, which must be of subtype 6
        Returns:
        a future containing the decrypted value

      • decrypt

        void decrypt​(byte[] value,
             Handler<AsyncResult<java.lang.Object>> resultHandler)
        Decrypt the given value.
        Parameters:
        value - the value to decrypt, which must be of subtype 6
        resultHandler - an async result containing the decrypted value

      • close

        void close()