
How to encrypt field in MongoDB

I need to encrypt one field in a Mongo document. What is the best way to do it? I use Spring. Is there a Spring annotation for it?

janneob asked Jun 09 '15 08:06


People also ask

How do I encrypt a field in MongoDB?

Starting with MongoDB 4.2, the server supports using schema validation to enforce encryption of specific fields in a collection. Use the automatic encryption rule keywords with the $jsonSchema validation object to indicate which fields require encryption.

Can we encrypt data in MongoDB?

MongoDB Enterprise 3.2 introduces a native encryption option for the WiredTiger storage engine. This feature allows MongoDB to encrypt data files such that only parties with the decryption key can decode and read the data.

Does MongoDB support encryption at rest?

With the latest version 3.2, MongoDB also includes a fully integrated encryption-at-rest solution that reduces cost and performance overhead.


2 Answers

The encryption can be done for now only from Java. Here you have the same question asked last month.

This has been done already in Ruby, so if you want to use JRuby for this in your project, take a look at this.

Or you can wait until MongoDB includes this in their API.

aurelius answered Oct 27 '22 00:10


You can use this library that adds support for @Encrypted annotation fields:

<dependency>
    <groupId>com.bol</groupId>
    <artifactId>spring-data-mongodb-encrypt</artifactId>
    <version>1.0.1</version>
</dependency>

To configure spring:

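// oldKey and secretKey are byte[] fields holding 256-bit (32-byte) AES keys;
// the key material is assumed to come from configuration and is not shown here.
@Bean
public CryptVault cryptVault() {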
    return new CryptVault()
            .with256BitAesCbcPkcs5PaddingAnd128BitSaltKey(0, oldKey)
            .with256BitAesCbcPkcs5PaddingAnd128BitSaltKey(1, secretKey)
            // can be omitted if it's the highest version
            .withDefaultKeyVersion(1);
}

@Bean
public EncryptionEventListener encryptionEventListener(CryptVault cryptVault) {
    return new EncryptionEventListener(cryptVault);
}

And to use it:

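import java.util.List;
import java.util.Map;

import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.data.mongodb.core.mapping.Field;

import com.bol.secure.Encrypted;

@Document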
public class MyBean {
    @Id
    public String id;

    // not encrypted
    @Field
    public String nonSensitiveData;

    // encrypted primitive types
    @Field
    @Encrypted
    public String secretString;

    @Field
    @Encrypted
    public Long secretLong;

    // encrypted sub-document (MySubBean is serialized, encrypted and stored as byte[])
    @Field
    @Encrypted
    public MySubBean secretSubBean;

    // encrypted collection (list is serialized, encrypted and stored as byte[])
    @Field
    @Encrypted
    public List<String> secretStringList;

    // values containing @Encrypted fields are encrypted
    @Field
    public MySubBean nonSensitiveSubBean;

    // values containing @Encrypted fields are encrypted
    @Field
    public List<MySubBean> nonSensitiveSubBeanList;

    // encrypted map (values containing @Encrypted fields are replaced by encrypted byte[])
    @Field
    public Map<String, MySubBean> publicMapWithSecretParts;
}

public class MySubBean {
    @Field
    public String nonSensitiveData;

    @Field
    @Encrypted
    public String secretString;
}

For more info, check out the project website

Agoston Horvath answered Oct 26 '22 23:10