This project is a template for a Java Spring Boot application with MongoDB Client-Side Field Level Encryption using Spring Data MongoDB.
This repository provides reusable classes and methods to easily implement MongoDB CSFLE in an existing Java Spring Boot application.
Here are a few features in this repository:
- Multiple encrypted collections.
- Automated JSON Schema generation.
- Server side JSON Schema.
- Separated clusters for DEKs and encrypted collections.
- Automated data encryption keys generation or retrieval.
- SpEL Evaluation Extension.
- Auto-implemented repositories.
- Open API documentation 3.0.1.
Prerequisites:
- Java 21
- Spring Boot 3.3.5
- MongoDB Cluster v7.0.2 or higher.
- MongoDB Automatic Encryption Shared Library v7.0.2 or higher.
Update the application.yaml with your MongoDB URIs and the path to the MongoDB Automatic Encryption Shared Library.
For Linux and macOS:
./mvnw spring-boot:run
For Windows:
mvnw.cmd spring-boot:run
You can create a new cluster on MongoDB Atlas or, for testing and local development purposes only, you can create an ephemeral local single node replica set with the following command:
docker run --rm -d -p 27017:27017 -h $(hostname) --name mongo mongodb/mongodb-enterprise-server:latest --replSet=RS && \
sleep 5 && \
docker exec mongo mongosh --quiet --eval "rs.initiate();"
Note: With MongoDB Client-Side Field Level Encryption, you can store the data and the keys in two separate clusters in order to manage the keys independently of the data. One reason to do so is to apply a different backup retention policy to each cluster (useful for GDPR Article 17 "Right to erasure", for instance). For more information, see Client-Side Field Level Encryption.
Make sure to download and extract the shared library in the folder of your choice.
crypt.shared.lib.path=software/mongo_crypt_shared_v1-linux-x86_64-enterprise-ubuntu2204-8.0.3/lib/mongo_crypt_v1.so
- Swagger 3 is already configured in this project.
- The Swagger UI can be seen at http://localhost:8080/swagger-ui/index.html.
- The JSON Open API documentation 3.0.1 is at http://localhost:8080/v3/api-docs.
- The YAML Open API documentation 3.0.1 is at http://localhost:8080/v3/api-docs.yaml.
- You can also try the entire REST API directly from the Swagger interface!
Create a person document:
curl -X POST http://localhost:8080/person \
-H 'Content-Type: application/json' \
-d '{
"first_name": "John",
"last_name": "Doe",
"ssn": "123-45-6789",
"blood_type": "A+"
}'
Find all the persons in the database. Note that the decryption is done automatically:
curl http://localhost:8080/persons
Find one person by SSN in the database. Note that the encryption of the SSN (for the search) is done automatically. Same for the decryption:
curl http://localhost:8080/person/ssn/123-45-6789
Read the encrypted data in the persons collection:
mongosh "mongodb://localhost/mydb" --quiet --eval "db.persons.find()"
Result in the persons collection:
[
{
_id: ObjectId("6537e9859f1b170d4cd25bee"),
firstName: 'John',
lastName: 'Doe',
ssn: Binary.createFromBase64("AflGzaz/YUj6m2aENIoB50MCn1rhDllb79H17xjkUMK2obL7i038eANieCC/nO7AcaPBtpOdtqqPEvNdd9VgnC6l9QaLEIC/5w+CYPujkNxFIA37PrsqMlDeL3AsMuAgTZg=", 6),
bloodType: Binary.createFromBase64("AvlGzaz/YUj6m2aENIoB50MCaHTxjCBlPZIck2gstfXB6yFfJ0KISjJJE24k3LXDoTv09GH+cwq+u6ApBuDU5OBkRe/6U8nPRKKcc5nirBLIzg==", 6),
_class: 'com.mongodb.quickstart.javaspringbootcsfle.model.PersonEntity'
}
]
Create a company document:
curl -X POST http://localhost:8080/company \
-H 'Content-Type: application/json' \
-d '{
"name": "MongoDB",
"money": 42
}'
Find all the companies in the database. Note that the decryption is done automatically:
curl http://localhost:8080/companies
Read the encrypted data in the companies collection:
mongosh "mongodb://localhost/mydb" --quiet --eval "db.companies.find()"
Result in the companies collection:
[
{
_id: ObjectId("653b1022110ea0067196894d"),
name: 'MongoDB',
money: Binary.createFromBase64("Au+QLuvvXE+gvw8N69fAbDYSjn2ep7Ye/Ap+N1YdBBuUOhLSpQtK9B7U38dx8xIcMz3sBvfOttqW8AOvRISxFa8a47T422hSnnwgCAjPNifnpA==", 6),
_class: 'com.mongodb.quickstart.javaspringbootcsfle.model.CompanyEntity'
}
]
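The stored values above can be checked without any key material: each CSFLE ciphertext (BSON Binary subtype 6) starts with a cleartext header naming the algorithm, the data encryption key and the original BSON type. The following is an added example, not code from this repository; it runs under Node.js, `describeCsfleBlob` and `auditStored` are names chosen here, and the three inputs are the Base64 strings copied from the mongosh results on this page.

```javascript
// Added example (not part of the repository). Header layout of a BSON Binary
// subtype 6 value written by CSFLE:
//   byte 0      blob subtype: 1 = deterministic, 2 = random
//   bytes 1-16  UUID of the data encryption key (DEK)
//   byte 17     BSON type of the original plaintext value
//   bytes 18+   ciphertext
const ALGORITHMS = { 1: "deterministic", 2: "random" };
const BSON_TYPES = {
  0x01: "double", 0x02: "string", 0x03: "object", 0x04: "array",
  0x05: "binData", 0x07: "objectId", 0x08: "bool", 0x09: "date",
  0x10: "int", 0x11: "timestamp", 0x12: "long", 0x13: "decimal",
};

function describeCsfleBlob(base64) {
  const buf = Buffer.from(base64, "base64");
  if (buf.length < 19) throw new RangeError("too short to be a CSFLE ciphertext blob");
  const algorithm = ALGORITHMS[buf[0]];
  // Anything else (e.g. 0, an unencrypted "intent to encrypt" marking) is not a stored CSFLE ciphertext.
  if (!algorithm) throw new RangeError("unexpected blob subtype " + buf[0]);
  const hex = buf.subarray(1, 17).toString("hex");
  return {
    algorithm,
    keyId: hex.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, "$1-$2-$3-$4-$5"),
    originalType: BSON_TYPES[buf[17]] || "0x" + buf[17].toString(16),
    ciphertextBytes: buf.length - 18,
  };
}

// Base64 payloads copied from the mongosh output shown on this page.
const stored = {
  ssn: "AflGzaz/YUj6m2aENIoB50MCn1rhDllb79H17xjkUMK2obL7i038eANieCC/nO7AcaPBtpOdtqqPEvNdd9VgnC6l9QaLEIC/5w+CYPujkNxFIA37PrsqMlDeL3AsMuAgTZg=",
  bloodType: "AvlGzaz/YUj6m2aENIoB50MCaHTxjCBlPZIck2gstfXB6yFfJ0KISjJJE24k3LXDoTv09GH+cwq+u6ApBuDU5OBkRe/6U8nPRKKcc5nirBLIzg==",
  money: "Au+QLuvvXE+gvw8N69fAbDYSjn2ep7Ye/Ap+N1YdBBuUOhLSpQtK9B7U38dx8xIcMz3sBvfOttqW8AOvRISxFa8a47T422hSnnwgCAjPNifnpA==",
};

// Decode every stored field so algorithm, key and type can be compared per field.
function auditStored() {
  const report = {};
  for (const [field, b64] of Object.entries(stored)) report[field] = describeCsfleBlob(b64);
  return report;
}

console.log(auditStored());
```

For this page's data it reports `ssn` as deterministic (which is what makes the search by SSN possible, and also means equal SSNs produce equal ciphertexts) and `bloodType` and `money` as random. It also shows the two `persons` fields sharing one DEK while `companies` uses a different one.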