All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.mongodb.ClientEncryptionSettings Maven / Gradle / Ivy

Go to download

The MongoDB Java Driver uber-artifact, containing mongodb-driver, mongodb-driver-core, and bson

There is a newer version: 3.12.14
Show newest version
/*
 * Copyright 2008-present MongoDB, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.mongodb;

import com.mongodb.annotations.Beta;
import com.mongodb.annotations.NotThreadSafe;

import java.util.Map;

import static com.mongodb.assertions.Assertions.notNull;

/**
 * The client-side settings for data key creation and explicit encryption.
 *
 * 

* Explicit encryption/decryption is a community feature, enabled with the new {@code com.mongodb.client.vault.ClientEncryption} type, * for which this is the settings. *

*

* Note: support for client side encryption is in beta. Backwards-breaking changes may be made before the final * release. *

* * @since 3.11 */ @Beta public final class ClientEncryptionSettings { private final MongoClientSettings keyVaultMongoClientSettings; private final String keyVaultNamespace; private final Map> kmsProviders; /** * A builder for {@code ClientEncryptionSettings} so that {@code ClientEncryptionSettings} can be immutable, and to support easier * construction through chaining. */ @NotThreadSafe public static final class Builder { private MongoClientSettings keyVaultMongoClientSettings; private String keyVaultNamespace; private Map> kmsProviders; /** * Sets the key vault settings. * * @param keyVaultMongoClientSettings the key vault mongo client settings, which may be null. * @return this * @see #getKeyVaultMongoClientSettings() */ public Builder keyVaultMongoClientSettings(final MongoClientSettings keyVaultMongoClientSettings) { this.keyVaultMongoClientSettings = keyVaultMongoClientSettings; return this; } /** * Sets the key vault namespace * * @param keyVaultNamespace the key vault namespace, which may not be null * @return this * @see #getKeyVaultNamespace() */ public Builder keyVaultNamespace(final String keyVaultNamespace) { this.keyVaultNamespace = notNull("keyVaultNamespace", keyVaultNamespace); return this; } /** * Sets the KMS providers map. * * @param kmsProviders the KMS providers map, which may not be null * @return this * @see #getKmsProviders() */ public Builder kmsProviders(final Map> kmsProviders) { this.kmsProviders = notNull("kmsProviders", kmsProviders); return this; } /** * Build an instance of {@code ClientEncryptionSettings}. * * @return the settings from this builder */ public ClientEncryptionSettings build() { return new ClientEncryptionSettings(this); } private Builder() { } } /** * Convenience method to create a Builder. * * @return a builder */ public static Builder builder() { return new Builder(); } /** * Gets the key vault settings. * *

* The key vault collection is assumed to reside on the same MongoDB cluster as indicated by the connecting URI. But the optional * keyVaultMongoClientSettings can be used to route data key queries to a separate MongoDB cluster, or the same cluster but with a * different credential. *

* @return the key vault settings, which may be null to indicate that the same {@code MongoClient} should be used to access the key * vault collection as is used for the rest of the application. */ public MongoClientSettings getKeyVaultMongoClientSettings() { return keyVaultMongoClientSettings; } /** * Gets the key vault namespace. *

* The key vault namespace refers to a collection that contains all data keys used for encryption and decryption (aka the key vault * collection). Data keys are stored as documents in a special MongoDB collection. Data keys are protected with encryption by a KMS * provider (AWS KMS or a local master key). *

* * @return the key vault namespace, which may not be null */ public String getKeyVaultNamespace() { return keyVaultNamespace; } /** * Gets the map of KMS provider properties. * *

* Multiple KMS providers may be specified. Initially, two KMS providers are supported: "aws" and "local". The kmsProviders map * values differ by provider: *

*

* For "aws", the properties are: *

*
    *
  • accessKeyId: a String containing the AWS access key identifier
  • *
  • secretAccessKey: a String the AWS secret access key
  • *
*

* For "local", the properties are: *

*
    *
  • key: <byte array of length 96>
  • *
* * @return map of KMS provider properties */ public Map> getKmsProviders() { return kmsProviders; } private ClientEncryptionSettings(final Builder builder) { this.keyVaultMongoClientSettings = builder.keyVaultMongoClientSettings; this.keyVaultNamespace = notNull("keyVaultNamespace", builder.keyVaultNamespace); this.kmsProviders = notNull("kmsProviders", builder.kmsProviders); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy