@Documented
@Retention(value=RUNTIME)
@Target(value={TYPE,FIELD})
public @interface Encrypted

Encrypted provides data required for MongoDB Client Side Field Level Encryption that is applied during schema resolution. It can be applied on top level (typically those types annotated with Document) to provide the encryptMetadata.

    @Document
    @Encrypted(keyId = "4fPYFM9qSgyRAjgQ2u+IMQ==")
    public class Patient {
        private ObjectId id;
        private String name;

        @Field("publisher_ac")
        @DocumentReference(lookup = "{ 'acronym' : ?#{#target} }") private Publisher publisher;
    }

    "encryptMetadata": {
      "keyId": [
        {
          "$binary": {
            "base64": "4fPYFM9qSgyRAjgQ2u+IMQ==",
            "subType": "04"
          }
        }
      ]
    }

    public class Patient {
        private ObjectId id;
        private String name;

        @Encrypted(keyId = "4fPYFM9qSgyRAjgQ2u+IMQ==", algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
        private String ssn;
    }

    "ssn" : {
      "encrypt": {
        "keyId": [
          {
            "$binary": {
              "base64": "4fPYFM9qSgyRAjgQ2u+IMQ==",
              "subType": "04"
            }
          }
        ],
        "algorithm" : "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
        "bsonType" : "string"
      }
    }

public abstract String[] keyId

The keyId to use. The value must resolve to either the UUID representation of the key or a base64 encoded value representing the UUID value.
On ElementType.TYPE level the keyId() can be left empty if explicitly set for fields.
On ElementType.FIELD level the keyId() can be left empty if inherited from encryptMetadata.
The key id may contain an expression. In this case the #target variable will hold the target element name.

public abstract String algorithm

On ElementType.TYPE level the algorithm() can be left empty if explicitly set for fields.
On ElementType.FIELD level the algorithm() can be left empty if inherited from encryptMetadata.

See also: EncryptionAlgorithms
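
The keyId rule (a UUID, or the base64 encoding of that UUID) can be checked before a schema is generated, since a value that decodes to anything other than 16 bytes cannot be a subType 04 key reference. The following is an added example, not Spring Data MongoDB code: the class KeyIdCheck and its methods resolve and toBinaryJson are hypothetical names, and it uses only the JDK.

```java
import java.nio.ByteBuffer;
import java.util.Base64;
import java.util.UUID;

// Added example (not Spring Data code): normalises an @Encrypted keyId value.
public class KeyIdCheck {
    // Accepts a UUID string or base64 text and returns the key's UUID.
    static UUID resolve(String keyId) {
        // The canonical UUID text form is always 36 characters with four dashes.
        if (keyId.length() == 36 && keyId.chars().filter(c -> c == '-').count() == 4) {
            return UUID.fromString(keyId);
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(keyId);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("keyId is neither a UUID nor base64: " + keyId, e);
        }
        // BSON binary subtype 04 is a 16 byte UUID in big-endian byte order.
        if (raw.length != 16) {
            throw new IllegalArgumentException("keyId decodes to " + raw.length + " bytes, expected 16");
        }
        ByteBuffer buf = ByteBuffer.wrap(raw);
        return new UUID(buf.getLong(), buf.getLong());
    }

    // Renders one keyId array element in the form shown in the schema output.
    static String toBinaryJson(UUID id) {
        byte[] raw = ByteBuffer.allocate(16)
                .putLong(id.getMostSignificantBits())
                .putLong(id.getLeastSignificantBits()).array();
        return "{ \"$binary\": { \"base64\": \"" + Base64.getEncoder().encodeToString(raw)
                + "\", \"subType\": \"04\" } }";
    }

    public static void main(String[] args) {
        String fromPage = "4fPYFM9qSgyRAjgQ2u+IMQ=="; // keyId used in the page's examples
        UUID id = resolve(fromPage);
        System.out.println(id);
        System.out.println(toBinaryJson(id));
        // The UUID spelling and the base64 spelling must name the same key.
        System.out.println(resolve(id.toString()).equals(id));
        try {
            resolve("c2hvcnQ="); // constructed input: valid base64, but only 5 bytes
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
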
Copyright © 2011–2021 Pivotal Software, Inc. All rights reserved.