A JavaScript snippet that illustrates insert/find operations using MongoDB client-side field-level encryption with the automatic encryption feature.
// NOTE: With explicit encryption, every insert/update/find operation has to ship
// already-encrypted data. MongoDB Enterprise can instead encrypt and decrypt the
// protected fields automatically. To use that, first define a JSON schema mapping
// for the patients collection; it is passed to the client through the field-level
// encryption options.
//
// Only "ssn" and "mobile" carry an "encrypt" rule; every other field is sent and
// stored as plaintext.
//
// NOTE(review): the *_ENCRYPTION_ALGORITHM and *_ENCRYPTION_KEY_UUID names are not
// defined in this snippet - presumably they are set up earlier in the series.
// An equality lookup on an automatically encrypted field (the findOne on ssn
// further down) needs AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic; a field using
// the -Random variant cannot be queried. Deterministic encryption produces the
// same ciphertext for the same plaintext, so anyone who can read the stored data
// can tell which documents share a value - use it only where querying is required.
const healthCareAppSchema = {
  "health_care_app.patients": {
    bsonType: "object",
    properties: {
      medRecNum: { bsonType: "int" },
      firstName: { bsonType: "string" },
      lastName: { bsonType: "string" },
      ssn: {
        encrypt: {
          bsonType: "string",
          algorithm: SSN_ENCRYPTION_ALGORITHM,
          keyId: [SSN_ENCRYPTION_KEY_UUID]
        }
      },
      mobile: {
        encrypt: {
          bsonType: "string",
          algorithm: MOBILE_ENCRYPTION_ALGORITHM,
          keyId: [MOBILE_ENCRYPTION_KEY_UUID]
        }
      },
      comment: { bsonType: "string" }
    }
  }
};
// Rebuild the client-side field-level encryption options, this time with a schemaMap.
//
// NOTE(review): the "local" KMS provider takes the master key straight from
// LOCAL_KEY (defined outside this snippet), so the key sits next to the script.
// That is acceptable for a demo; MongoDB's documentation advises against the local
// provider in production, where a remote KMS should hold the master key.
// NOTE(review): a schemaMap is applied only by clients that are configured with it.
// A client without these options can still write plaintext into ssn/mobile unless
// the collection also has matching server-side schema validation.
var csfleOptionsWithSchema = {
  keyVaultNamespace: "encryption.__dataKeys",
  kmsProviders: {
    local: { key: BinData(0, LOCAL_KEY) }
  },
  schemaMap: healthCareAppSchema
};

// The URI below carries no TLS setting or credentials - suitable only for a local
// test instance. Field-level encryption covers the fields marked "encrypt" and
// nothing else that travels over the connection.
var csfleClient = Mongo("mongodb://localhost:28000", csfleOptionsWithSchema);
var csfleDB = csfleClient.getDB("health_care_app");
// Insert a new patient record through the encryption-enabled client.
// The document is written here in plaintext; following the schema map, ssn and
// mobile are encrypted on the client before the write is sent. The other fields
// (medRecNum, names, comment) are stored unencrypted, so sensitive values must not
// be copied into them.
csfleDB.getCollection("patients").insert({
  _id: 7,
  medRecNum: 7,
  firstName: "James",
  lastName: "Bond",
  ssn: "777-77-7777",
  mobile: "777-777-7777",
  comment: "James Bond SSN/Phone are automatically encrypted."
});
// Reading the same document through plainDB shows that ssn and mobile are stored
// as BinData (subtype 6, the BSON subtype for encrypted values).
// NOTE(review): plainClient is not defined in this snippet - presumably a
// connection created earlier without the encryption options; confirm.
// NOTE(review): the two payloads below start with different bytes ("AW..." decodes
// to 0x01, "Aj..." to 0x02), which appears to be the marker for deterministic vs
// randomized encryption - i.e. ssn is queryable by equality, mobile is not.
var plainDB = plainClient.getDB("health_care_app");
plainDB.getCollection("patients").findOne({ _id: 7 });
/*
  {
    "_id" : 7,
    "medRecNum" : 7,
    "firstName" : "James",
    "lastName" : "Bond",
    "ssn" : BinData(6,"AWE7iEZXVUV9my4XXm0O38sCR6xSEF8KA8kLZEMlCdCszXK/tqSWKOm30I34OHp5Bssc2CZy4eOhyPRRFfRziu+HvRHtqs9FDxSJ/9ER9zLLwJ/Izy5UoHHbJFIk99tRY3s="),
    "mobile" : BinData(6,"AjtqXpdbrUKmnslCbIXOtZUC81TuNTJSB3Gq3c6GFETMreRZJPCZOuzUdfI0gLpovBf1ISgGBQrfNWGUBP78qCnpMfkc1Wijnwio8sQK8stk0yNQawlmp8NA9yGHsphXuDQ="),
    "comment" : "James Bond SSN/Phone are automatically encrypted."
  }
*/
// Looking a patient up by the plaintext SSN returns the record.
// The filter is written in plaintext as well: the ssn value in it is encrypted
// automatically before the query is sent to the server, and the matching document
// comes back decrypted on the client (see the readable ssn/mobile below).
// The record found here (_id 1) is one whose comment says it was encrypted
// manually, so both approaches produce values this client can match and decrypt.
csfleDB.getCollection("patients").findOne({ ssn: "111-11-1111" });
/*
  {
    "_id" : 1,
    "medRecNum" : 1,
    "firstName" : "John",
    "lastName" : "Doe",
    "ssn" : "111-11-1111",
    "mobile" : "111-111-1111",
    "comment" : "John Doe's SSN/Phone are manually encrypted."
  }
*/