DOCSP-13035: CSFLE Azure and Java (#687)

Chris Cho · web-flow · commit 2f288a140adc · 2020-11-09T08:42:18.000-05:00
* DOCSP-12575: add Azure instructions for Java
diff --git a/source/includes/steps-fle-convert-to-a-remote-master-key-aws.yaml b/source/includes/steps-fle-convert-to-a-remote-master-key-aws.yaml
@@ -156,6 +156,12 @@ content: |
            String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeyId.getData());
 
            System.out.println("DataKeyId [base64]: " + base64DataKeyId);
+
+        .. note::
+
+           To use AWS KMS, you must use `mongodb-crypt <https://mvnrepository.com/artifact/org.mongodb/mongodb-crypt>`__
+           version 1.0 or later in your application's environment.
+
      .. tab::
         :tabid: nodejs
 
@@ -174,6 +180,7 @@ content: |
 
            const base64DataKeyId = key.toString('base64');
            console.log('DataKeyId [base64]: ', base64DataKeyId);
+
      .. tab::
         :tabid: python
 
diff --git a/source/includes/steps-fle-convert-to-a-remote-master-key-azure.yaml b/source/includes/steps-fle-convert-to-a-remote-master-key-azure.yaml
@@ -83,6 +83,10 @@ content: |
      .. tab::
         :tabid: java-sync
 
+        In ``CSFLEHelpers.java``, update the ``kmsProviders`` map that you
+        pass to ``ClientEncryptionSettings.builder().kmsProviders()`` method
+        with your Azure authentication details:
+
 
         .. code-block:: java
 
@@ -96,6 +100,11 @@ content: |
            Map<String, Map<String, Object>> kmsProviders = new HashMap<String, Map<String, Object>>();
            kmsProviders.put("azure", providerDetails);
 
+           ClientEncryptionSettings clientEncryptionSettings = ClientEncryptionSettings.builder()
+               // ...
+               .kmsProviders(kmsProviders)
+               .build();
+
      .. tab::
         :tabid: nodejs
 
@@ -192,28 +201,24 @@ content: |
      .. tab::
         :tabid: java-sync
 
-        .. code-block:: Java
+        In ``CSFLEHelpers.java``, add your KMS provider and master key
+        details to your call to createDataKey() on your ``ClientEncryption``
+        instance as follows:
 
-           // TODO: update for Azure
-           ClientEncryption clientEncryption = ClientEncryptions.create(ClientEncryptionSettings.builder()
-               .keyVaultMongoClientSettings(MongoClientSettings.builder()
-                   .applyConnectionString(new ConnectionString("mongodb://localhost:27017"))
-                   .build())
-               .keyVaultNamespace(keyVaultNamespace)
-               .kmsProviders(kmsProviders)
-               .build());
+        .. code-block:: Java
 
-           BsonString masterKeyRegion = new BsonString("<Master Key AWS Region>"); // e.g. "us-east-2"
-           BsonString masterKeyArn = new BsonString("<Master Key ARN>"); // e.g. "arn:aws:kms:us-east-2:111122223333:alias/test-key"
            DataKeyOptions dataKeyOptions = new DataKeyOptions().masterKey(
                new BsonDocument()
-                   .append("region", masterKeyRegion)
-                   .append("key", masterKeyArn));
+                   .append("keyName", new BsonString("<Azure key name>"))
+                   .append("keyVersion", new BsonString("<Azure key version>"))
+                   .append("keyVersion", new BsonString("<Azure key vault endpoint>")));
+
+           BsonBinary dataKeyId = clientEncryption.createDataKey("azure", dataKeyOptions);
 
-           BsonBinary dataKeyId = clientEncryption.createDataKey("aws", dataKeyOptions);
-           String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeyId.getData());
+        .. note::
 
-           System.out.println("DataKeyId [base64]: " + base64DataKeyId);
+           To use the Azure Key Vault, you must use `mongodb-crypt <https://mvnrepository.com/artifact/org.mongodb/mongodb-crypt>`__
+           version 1.1 or later in your application's environment.
 
      .. tab::
         :tabid: nodejs
