I need to encrypt one field in a Mongo document. What is the best way to do it? I use Spring. Is there a Spring annotation for it?
3 Answers
2
You can use this library that adds support for @Encrypted annotation fields:
```xml
<dependency>
    <groupId>com.bol</groupId>
    <artifactId>spring-data-mongodb-encrypt</artifactId>
    <version>1.0.1</version>
</dependency>
```
To configure spring:
```java
@Bean
public CryptVault cryptVault() {
    return new CryptVault()
            .with256BitAesCbcPkcs5PaddingAnd128BitSaltKey(0, oldKey)
            .with256BitAesCbcPkcs5PaddingAnd128BitSaltKey(1, secretKey)
            // can be omitted if it's the highest version
            .withDefaultKeyVersion(1);
}

@Bean
public EncryptionEventListener encryptionEventListener(CryptVault cryptVault) {
    return new EncryptionEventListener(cryptVault);
}
```
And to use it:
```java
@Document
public class MyBean {
    @Id
    public String id;

    // not encrypted
    @Field
    public String nonSensitiveData;

    // encrypted primitive types
    @Field
    @Encrypted
    public String secretString;

    @Field
    @Encrypted
    public Long secretLong;

    // encrypted sub-document (MySubBean is serialized, encrypted and stored as byte[])
    @Field
    @Encrypted
    public MySubBean secretSubBean;

    // encrypted collection (list is serialized, encrypted and stored as byte[])
    @Field
    @Encrypted
    public List<String> secretStringList;

    // values containing @Encrypted fields are encrypted
    @Field
    public MySubBean nonSensitiveSubBean;

    // values containing @Encrypted fields are encrypted
    @Field
    public List<MySubBean> nonSensitiveSubBeanList;

    // encrypted map (values containing @Encrypted fields are replaced by encrypted byte[])
    @Field
    public Map<String, MySubBean> publicMapWithSecretParts;
}

public class MySubBean {
    @Field
    public String nonSensitiveData;

    @Field
    @Encrypted
    public String secretString;
}
```
For more info, check out the project website

Agoston Horvath
- While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/low-quality-posts/17766399) – Mark Rotteveel Oct 28 '17 at 12:17
- there is nothing more to add. it's a library that _is_ the answer to the question. please don't misuse moderator right. – Agoston Horvath Oct 28 '17 at 12:31
- No, an actual answer would show how the library can be used in the answer itself. See also [Your answer is in another castle: when is an answer not an answer?](https://meta.stackexchange.com/questions/225370/your-answer-is-in-another-castle-when-is-an-answer-not-an-answer) – Mark Rotteveel Oct 28 '17 at 12:41
- You know that's just copying the doc from the project website, which is doomed to get outdated, but there you go. – Agoston Horvath Oct 28 '17 at 12:57
- Thanks. Of course it is entirely possible that the linked documentation changes (or maybe even disappears), and that is exactly the reason why an answer should stand on its own, and not rely on links except for supporting information. – Mark Rotteveel Oct 28 '17 at 13:00
- right, but outdated info is maybe worse than no info. you can (and should) always google for the most relevant info, but the question here was more about keywords than copied doc. – Agoston Horvath Oct 28 '17 at 19:44
- If you want to discuss established rules and expectations for answers, you are welcome to start a discussion on [meta] – Mark Rotteveel Oct 29 '17 at 07:24
- I just wanted to put the library I made when I was googling for the same question, to the same places I've been looking at back then. I had no idea it's so hard to post a helpful answer around here. – Agoston Horvath Oct 29 '17 at 11:12
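What the versioned-key configuration in the answer above implies for key rotation, as an added sketch that is not part of the original answer and is not the library's code or stored format. The class `VersionedFieldCipher`, its `withKey` method and the byte layout are assumptions made for illustration; only the cipher choice (AES-256-CBC, PKCS5 padding, 128-bit random IV) and the "highest version is the default" rule come from the answer.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Hypothetical sketch: versioned keys so old values stay readable after rotation.
public class VersionedFieldCipher {
    private static final String ALGO = "AES/CBC/PKCS5Padding";
    private static final int IV_LEN = 16;                 // fresh 128-bit IV per value
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<Integer, SecretKeySpec> keys = new HashMap<>();
    private int defaultVersion = -1;
    public VersionedFieldCipher withKey(int version, byte[] key) {
        if (version < 0 || version > 255 || key.length != 32)
            throw new IllegalArgumentException("need version 0..255 and a 32-byte key");
        keys.put(version, new SecretKeySpec(key, "AES"));
        defaultVersion = Math.max(defaultVersion, version); // highest version encrypts new writes
        return this;
    }
    // Layout constructed for this example: [1 byte key version][16 byte IV][ciphertext]
    public byte[] encrypt(byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance(ALGO);
        c.init(Cipher.ENCRYPT_MODE, keys.get(defaultVersion), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(1 + IV_LEN + ct.length).put((byte) defaultVersion).put(iv).put(ct).array();
    }
    public byte[] decrypt(byte[] stored) throws GeneralSecurityException {
        SecretKeySpec key = keys.get(stored[0] & 0xFF);   // pick the key the value was written with
        if (key == null) throw new GeneralSecurityException("no key for version " + (stored[0] & 0xFF));
        Cipher c = Cipher.getInstance(ALGO);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(stored, 1, IV_LEN));
        return c.doFinal(stored, 1 + IV_LEN, stored.length - 1 - IV_LEN);
    }
    public static void main(String[] args) throws Exception {
        byte[] oldKey = new byte[32], newKey = new byte[32];   // constructed demo keys
        RNG.nextBytes(oldKey);
        RNG.nextBytes(newKey);
        byte[] legacy = new VersionedFieldCipher().withKey(0, oldKey).encrypt("secret".getBytes(StandardCharsets.UTF_8));
        VersionedFieldCipher vault = new VersionedFieldCipher().withKey(0, oldKey).withKey(1, newKey);
        System.out.println(new String(vault.decrypt(legacy), StandardCharsets.UTF_8)); // old value still readable
        System.out.println("new writes use key version " + vault.encrypt(new byte[0])[0]);
    }
}
```

CBC gives confidentiality only, so tampering with the stored bytes is not detected, and because every value gets a fresh IV an encrypted field cannot be matched by value in a query.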
-1
You can use a custom encryption scheme and store that in the database. In Rails it will be easy to do so.
```ruby
class MyDocument  # hypothetical model name
  include Mongoid::Document
  field :encrypted_me, type: String, encrypted: true
end
```
If you can describe what platform you are using, that will make some clarification.

Muaaz Rafi