CODEWITHSUNDEEP
javaspringmongodb
janneob
janneob

Reputation: 959

How to encrypt field in MongoDB

I need to encrypt one field in a mongo document. What is the best way to do it? I use spring. There is spring annotation for it?

Upvotes: 8

Views: 6263

Answers (3)

Agoston Horvath
Agoston Horvath

Reputation: 791

You can use this library that adds support for @Encrypted annotation fields:

<dependency>
    <groupId>com.bol</groupId>
    <artifactId>spring-data-mongodb-encrypt</artifactId>
    <version>1.0.1</version>
</dependency>

To configure spring:

@Bean
public CryptVault cryptVault() {
    return new CryptVault()
            .with256BitAesCbcPkcs5PaddingAnd128BitSaltKey(0, oldKey)
            .with256BitAesCbcPkcs5PaddingAnd128BitSaltKey(1, secretKey)
            // can be omitted if it's the highest version
            .withDefaultKeyVersion(1);
}

@Bean
public EncryptionEventListener encryptionEventListener(CryptVault cryptVault) {
    return new EncryptionEventListener(cryptVault);
}

And to use it:

@Document
public class MyBean {
    @Id
    public String id;

    // not encrypted
    @Field
    public String nonSensitiveData;

    // encrypted primitive types
    @Field
    @Encrypted
    public String secretString;

    @Field
    @Encrypted
    public Long secretLong;

    // encrypted sub-document (MySubBean is serialized, encrypted and stored as byte[])
    @Field
    @Encrypted
    public MySubBean secretSubBean;

    // encrypted collection (list is serialized, encrypted and stored as byte[])
    @Field
    @Encrypted
    public List<String> secretStringList;

    // values containing @Encrypted fields are encrypted
    @Field
    public MySubBean nonSensitiveSubBean;

    // values containing @Encrypted fields are encrypted
    @Field
    public List<MySubBean> nonSensitiveSubBeanList;

    // encrypted map (values containing @Encrypted fields are replaced by encrypted byte[])
    @Field
    public Map<String, MySubBean> publicMapWithSecretParts;
}

public class MySubBean {
    @Field
    public String nonSensitiveData;

    @Field
    @Encrypted
    public String secretString;
}

For more info, check out the project website

Upvotes: 2

Muaaz Rafi
Muaaz Rafi

Reputation: 99

You can use custom encryption scheme and store that, into database. In rails it will be easy to do so. 

 include Mongoid::Document
 field :encrypted_me, type: String, encrypted: true

If you can describe what platform you are using that will make some clarification.

Upvotes: -1

aurelius
aurelius

Reputation: 4076

the encryption can be done for now only from java. here you have the same question asked last month

this has been done already in ruby, so if you want to use jruby for this in your project take a look at this

or you can wait until the MongoDB includes this in their API

Upvotes: 2

Related Questions