toc
Java SDK
A full reference of our Java SDK.
You can use our Java SDK to:
- Encrypt data at your server
- Run your Cages
- Encrypt/decrypt data with Relay
You can use our Java SDK to encrypt data — rather than with Relay — and still send it to a third-party via Relay. Encrypting with our backend SDKs is best for developers who want to avoid the network latency of Relay and/or want to avoid sending plaintext data to Relay to be encrypted.
Encrypting data with our backend SDKs instead of Relay may expose you to greater compliance burden because plaintext data touches your server before it is encrypted.
You don’t need to change your database configuration. You can store Evervault-encrypted data in your database as you would the plaintext version.
Installation
Our Java SDK is distributed via maven and can be installed using your preferred build tool.
Gradle
implementation 'com.evervault:lib:2.1.1'
Maven
xml<dependency><groupId>com.evervault</groupId><artifactId>lib</artifactId><version>2.1.1</version></dependency>
Initialization
java// Import Evervaultimport com.evervault.Evervault;// Initialize the client with your team’s API keyvar evervault = new Evervault("<YOUR_API_KEY>");// Encrypt your datavar encrypted = evervault.encrypt("Claude");// Process the encrypted data in a Cagevar result = evervault.run("hello-cage", encrypted, false, null);
Relay Interception
The Evervault Java SDK can be used to route all outbound HTTPS requests through Relay for decryption. This can be done by setting up a proxy to Evervault on your HTTP client.
To disable this behaviour, set intercept to false in the initialization options.
Evervault CA
To allow outbound interception with Relay the Evervault Root Ca certificate must be added to the JVM keystore.
shcurl https://ca.evervault.com --output evervault-ca.certsudo keytool -import -alias evervault-ca -file evervault-ca.cert -keystore <path/to/jdk/cacerts>
Setting up HTTP Client With Proxy
The Apache Closeable HTTP Client requires the proxy and credentials to be explicitly set. When initialising your http client, you will need to get the CredentialsProvider from the Evervault SDK and the host from the Evervault ProxySystemSettings class. If you set ignoreDomains when initialising the SDK, you will need to add the Evervault HttpRoutePlanner to the builder.
java// Import ProxySettings for setting proxy hostimport com.evervault.utils.ProxySystemSettings;// Initialise Evervault SDKvar evervault = new Evervault(apiKey)// Build httpClient with proxyCloseableHttpClient httpClient = HttpClientBuilder.create().setProxy(ProxySystemSettings.PROXY_HOST).setDefaultCredentialsProvider(evervault.getEvervaultProxyCredentials()).setRoutePlanner(evervault.getEvervaultHttpRoutePlanner()) //This route planner has the ignoreDomains array loaded into it..build();
We currently only support CONNECT-over-TLS in order to avoid transmitting credentials in plaintext. The Apache Http Client does support this. The core Java Http Clients do NOT currently support this.Manual Proxy
If you use a different http client to the Apache HTTPClient above and it supports CONNECT-over-TLS, you can setup relay interception by setting the http client to proxy requests through relay with these details:
| Setting | Value |
|---|---|
| host | strict.relay.evervault.com |
| port | 443 |
| user | Your Evervault Team's UUID (Can be found in the Evervault Dashboard) |
| password | Your Evervault Team's API_KEY (Can be found in the Evervault Dashboard) |
Make sure to set intercept to false in the SDK if you are setting up the proxy manually. This will stop any conflicts.
Reference
The Evervault Java SDK exposes a constructor and two functions:
evervault.encrypt()evervault.run()
Evervault Constructor
Evervault constructor expects your api key which you can retrieve from evervault website. There are also optional parameters.
javavar evervault = new Evervault(API_KEY);
| Parameter | Type | Description |
|---|---|---|
apiKey | String | The API key of your Evervault Team |
curve | Evervault.EcdhCurve | The elliptic curve used for cryptographic operations. See Elliptic Curve Support to learn more. |
intercept | Boolean | Route outbound requests through Evervault to automatically decrypt encrypted fields. |
ignoreDomains | String[] | An array of hostnames which will not be routed through Evervault for decryption. eg("api.example.com", "support.example.com") |
evervault.encrypt()
encrypt will encrypt your data and return an object which is a String in case you passed a literal type like bool, string, int, float, char, byte.
In case you pass a map<literal, literal> then the key will be preserved and the value will be an encrypted string. If value is another map for example, it will follow the sample principle recursively.
In case you pass a vector with literals the return will be vector with encrypted strings.
javavar name = (String) evervault.encrypt(plaintext_name);
| Parameter | Type | Description |
|---|---|---|
data | Object | Data to be encrypted. |
evervault.run()
evervault.run() lets you invoke a Cage with a given payload.
javavar cageResult = evervault.run(cageName, encryptedData, false, null);
| Parameter | Type | Description |
|---|---|---|
cageName | String | Name of the Cage to be run. |
data | Object | Payload for the Cage. |
async | String | Run your Cage in async mode. Async Cage runs will be queued for processing. |
version | Object | Specify the version of your Cage to run. By default, the latest version will be run. |