Class KeyEncryptionKeyClientBuilder

java.lang.Object
com.azure.security.keyvault.keys.cryptography.KeyEncryptionKeyClientBuilder
All Implemented Interfaces:
com.azure.core.client.traits.ConfigurationTrait<KeyEncryptionKeyClientBuilder>, com.azure.core.client.traits.HttpTrait<KeyEncryptionKeyClientBuilder>, com.azure.core.client.traits.TokenCredentialTrait<KeyEncryptionKeyClientBuilder>, com.azure.core.cryptography.AsyncKeyEncryptionKeyResolver, com.azure.core.cryptography.KeyEncryptionKeyResolver
public final class KeyEncryptionKeyClientBuilder extends Object implements com.azure.core.cryptography.KeyEncryptionKeyResolver, com.azure.core.cryptography.AsyncKeyEncryptionKeyResolver, com.azure.core.client.traits.TokenCredentialTrait<KeyEncryptionKeyClientBuilder>, com.azure.core.client.traits.HttpTrait<KeyEncryptionKeyClientBuilder>, com.azure.core.client.traits.ConfigurationTrait<KeyEncryptionKeyClientBuilder>
This class provides a fluent builder API to help aid the configuration and instantiation of the KeyEncryptionKey async client and KeyEncryptionKey sync client, by calling buildAsyncKeyEncryptionKey(String) and buildKeyEncryptionKey(String) respectively. It constructs an instance of the desired client.

The minimal configuration options required by KeyEncryptionKeyClientBuilder to build AsyncKeyEncryptionKey are jsonWebKey or Azure Key Vault key identifier and credential.

When a KeyEncryptionKey async client or KeyEncryptionKey sync client gets created using a Azure Key Vault key identifier, the first time a cryptographic operation is attempted, the client will attempt to retrieve the key material from the service, cache it, and perform all future cryptographic operations locally, deferring to the service when that's not possible. If key retrieval and caching fails because of a non-retryable error, the client will not make any further attempts and will fall back to performing all cryptographic operations on the service side. Conversely, when a KeyEncryptionKey async client or KeyEncryptionKey sync client gets created using a JSON Web Key, all cryptographic operations will be performed locally.

The log detail level, multiple custom policies and custom http client can be optionally configured in the KeyEncryptionKeyClientBuilder.

Alternatively, a custom http pipeline with custom HttpPipelinePolicy policies can be specified. It provides finer control over the construction of AsyncKeyEncryptionKey and KeyEncryptionKey

The minimal configuration options required by keyEncryptionKeyClientBuilder to build KeyEncryptionKey are jsonWebKey or Azure Key Vault key identifier and credential.

See Also:

  • Constructor Details

    • KeyEncryptionKeyClientBuilder

      public KeyEncryptionKeyClientBuilder()
      The constructor with defaults.

  • Method Details

    • buildKeyEncryptionKey

      public com.azure.core.cryptography.KeyEncryptionKey buildKeyEncryptionKey(String keyId)
      Creates a KeyEncryptionKey based on options set in the builder. Every time buildKeyEncryptionKey(String) is called, a new instance of KeyEncryptionKey is created.

      If pipeline is set, then the pipeline and keyId are used to create the client. All other builder settings are ignored. If pipeline is not set, then an Azure Key Vault credential and keyId are required to build the client.

      Specified by:
      buildKeyEncryptionKey in interface com.azure.core.cryptography.KeyEncryptionKeyResolver
      Returns:
      A KeyEncryptionKeyClient with the options set from the builder.
      Throws:
      IllegalStateException - If credential(TokenCredential) or keyId have not been set.
      IllegalStateException - If both retryOptions(RetryOptions) and retryPolicy(RetryPolicy) have been set.

    • buildKeyEncryptionKey

      public com.azure.core.cryptography.KeyEncryptionKey buildKeyEncryptionKey(JsonWebKey key)
      Creates a local KeyEncryptionKeyClient for a given JSON Web Key. Every time buildKeyEncryptionKey(JsonWebKey) is called, a new instance of KeyEncryptionKey is created. For local clients, all other builder settings are ignored.

      The key is required to build the client.

      Parameters:
      key - The JsonWebKey to be used for cryptography operations.
      Returns:
      A KeyEncryptionKeyClient with the options set from the builder.
      Throws:
      IllegalStateException - If {key is not set.

    • buildAsyncKeyEncryptionKey

      public Mono<? extends com.azure.core.cryptography.AsyncKeyEncryptionKey> buildAsyncKeyEncryptionKey(String keyId)
      Creates a KeyEncryptionKeyAsyncClient based on options set in the builder. Every time buildAsyncKeyEncryptionKey(String) is called, a new instance of KeyEncryptionKeyAsyncClient is created.

      If pipeline is set, then the pipeline and keyId are used to create the async client. All other builder settings are ignored. If pipeline is not set, then an Azure Key Vault credentials and keyId are required to build the async client.

      Specified by:
      buildAsyncKeyEncryptionKey in interface com.azure.core.cryptography.AsyncKeyEncryptionKeyResolver
      Parameters:
      keyId - The Azure Key Vault key identifier of the JSON Web Key stored in the key vault. You should validate that this URL references a valid Key Vault or Managed HSM resource. Refer to the following documentation for details.
      Returns:
      A KeyEncryptionKeyAsyncClient with the options set from the builder.
      Throws:
      IllegalStateException - If credential(TokenCredential) is null or keyId is empty or null.
      IllegalStateException - If both retryOptions(RetryOptions) and retryPolicy(RetryPolicy) have been set.

    • buildAsyncKeyEncryptionKey

      public Mono<? extends com.azure.core.cryptography.AsyncKeyEncryptionKey> buildAsyncKeyEncryptionKey(JsonWebKey key)
      Creates a local KeyEncryptionKeyAsyncClient based on options set in the builder. Every time buildAsyncKeyEncryptionKey(String) is called, a new instance of KeyEncryptionKeyAsyncClient is created. For local clients, all other builder settings are ignored.

      The key is required to build the client.

      Parameters:
      key - The key to be used for cryptography operations.
      Returns:
      A KeyEncryptionKeyAsyncClient with the options set from the builder.
      Throws:
      IllegalArgumentException - If key has no id.
      IllegalStateException - If key is null.

    • credential

      public KeyEncryptionKeyClientBuilder credential(com.azure.core.credential.TokenCredential credential)
      Sets the TokenCredential used to authorize requests sent to the service. Refer to the Azure SDK for Java identity and authentication documentation for more details on proper usage of the TokenCredential type.
      Specified by:
      credential in interface com.azure.core.client.traits.TokenCredentialTrait<KeyEncryptionKeyClientBuilder>
      Parameters:
      credential - TokenCredential used to authorize requests sent to the service.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.
      Throws:
      NullPointerException - If credential is null.

    • httpLogOptions

      public KeyEncryptionKeyClientBuilder httpLogOptions(com.azure.core.http.policy.HttpLogOptions logOptions)
      Sets the logging configuration to use when sending and receiving requests to and from the service. If a logLevel is not provided, default value of HttpLogDetailLevel.NONE is set.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      httpLogOptions in interface com.azure.core.client.traits.HttpTrait<KeyEncryptionKeyClientBuilder>
      Parameters:
      logOptions - The logging configuration to use when sending and receiving requests to and from the service.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.

    • addPolicy

      public KeyEncryptionKeyClientBuilder addPolicy(com.azure.core.http.policy.HttpPipelinePolicy policy)
      Adds a pipeline policy to apply on each request sent.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      addPolicy in interface com.azure.core.client.traits.HttpTrait<KeyEncryptionKeyClientBuilder>
      Parameters:
      policy - A pipeline policy.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.
      Throws:
      NullPointerException - If policy is null.

    • httpClient

      public KeyEncryptionKeyClientBuilder httpClient(com.azure.core.http.HttpClient client)
      Sets the HttpClient to use for sending and receiving requests to and from the service.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      httpClient in interface com.azure.core.client.traits.HttpTrait<KeyEncryptionKeyClientBuilder>
      Parameters:
      client - The HttpClient to use for requests.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.

    • pipeline

      public KeyEncryptionKeyClientBuilder pipeline(com.azure.core.http.HttpPipeline pipeline)
      Sets the HttpPipeline to use for the service client.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      pipeline in interface com.azure.core.client.traits.HttpTrait<KeyEncryptionKeyClientBuilder>
      Parameters:
      pipeline - HttpPipeline to use for sending service requests and receiving responses.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.

    • configuration

      public KeyEncryptionKeyClientBuilder configuration(com.azure.core.util.Configuration configuration)
      Sets the configuration store that is used during construction of the service client. The default configuration store is a clone of the global configuration store, use Configuration.NONE to bypass using configuration settings during construction.
      Specified by:
      configuration in interface com.azure.core.client.traits.ConfigurationTrait<KeyEncryptionKeyClientBuilder>
      Parameters:
      configuration - The configuration store used to get configuration details.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.

    • serviceVersion

      public KeyEncryptionKeyClientBuilder serviceVersion(CryptographyServiceVersion version)
      Sets the CryptographyServiceVersion that is used when making API requests.

      If a service version is not provided, the service version that will be used will be the latest known service version based on the version of the client library being used. If no service version is specified, updating to a newer version the client library will have the result of potentially moving to a newer service version.

      Parameters:
      version - CryptographyServiceVersion of the service to be used when making requests.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.

    • retryPolicy

      public KeyEncryptionKeyClientBuilder retryPolicy(com.azure.core.http.policy.RetryPolicy retryPolicy)
      Sets the RetryPolicy that is used when each request is sent. The default retry policy will be used in the pipeline, if not provided. Setting this is mutually exclusive with using retryOptions(RetryOptions).
      Parameters:
      retryPolicy - User's retry policy applied to each request.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.

    • retryOptions

      public KeyEncryptionKeyClientBuilder retryOptions(com.azure.core.http.policy.RetryOptions retryOptions)
      Sets the RetryOptions for all the requests made through the client.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Setting this is mutually exclusive with using retryPolicy(RetryPolicy).

      Specified by:
      retryOptions in interface com.azure.core.client.traits.HttpTrait<KeyEncryptionKeyClientBuilder>
      Parameters:
      retryOptions - The RetryOptions to use for all the requests made through the client.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.

    • clientOptions

      public KeyEncryptionKeyClientBuilder clientOptions(com.azure.core.util.ClientOptions clientOptions)
      Allows for setting common properties such as application ID, headers, proxy configuration, etc. Note that it is recommended that this method be called with an instance of the HttpClientOptions class (a subclass of the ClientOptions base class). The HttpClientOptions subclass provides more configuration options suitable for HTTP clients, which is applicable for any class that implements this HttpTrait interface.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      clientOptions in interface com.azure.core.client.traits.HttpTrait<KeyEncryptionKeyClientBuilder>
      Parameters:
      clientOptions - A configured instance of HttpClientOptions.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.
      See Also:
      • HttpClientOptions

    • disableChallengeResourceVerification

      public KeyEncryptionKeyClientBuilder disableChallengeResourceVerification()
      Disables verifying if the authentication challenge resource matches the Key Vault or Managed HSM domain. This verification is performed by default.
      Returns:
      The updated KeyEncryptionKeyClientBuilder object.

    • disableKeyCaching

      public KeyEncryptionKeyClientBuilder disableKeyCaching()
      Disables local key caching and defers all cryptographic operations to the service.

      This method will have no effect if buildAsyncKeyEncryptionKey(JsonWebKey) or buildKeyEncryptionKey(JsonWebKey) are used to create a client.

      Returns:
      The updated KeyEncryptionKeyClientBuilder object.