Package org.springframework.data.mongodb.core.mapping

Annotation Interface ExplicitEncrypted

@Retention(RUNTIME) @Target(FIELD) @Encrypted @ValueConverter public @interface ExplicitEncrypted
ExplicitEncrypted is a field level ValueConverter annotation that indicates the target element is subject to encryption during the mapping process, in which a given domain type is converted into the store specific format.

The value() attribute, defines the bean type to look up within the ApplicationContext to obtain the EncryptingConverter responsible for the actual en-/decryption while algorithm() and keyAltName() can be used to define aspects of the encryption process. 

 public class Patient {
        private ObjectId id;
        private String name;

        @ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random, keyAltName = "secred-key-alternative-name") //
        private String ssn;
 }
Since:
4.1
Author:
Christoph Strobl
See Also:

  • Element Details

    • algorithm

      @AliasFor(annotation=Encrypted.class, value="algorithm") String algorithm
      Define the algorithm to use.

      A Deterministic algorithm ensures that a given input value always encrypts to the same output while a randomized one will produce different results every time.

      Please make sure to use an algorithm that is in line with MongoDB's encryption rules for simple types, complex objects and arrays as well as the query limitations that come with each of them.

      Returns:
      the string representation of the encryption algorithm to use.
      See Also:
      Default:
      ""

    • keyAltName

      String keyAltName
      Set the Key Alternate Name that references the Data Encryption Key to be used.

      An empty String indicates that no alternative key name was configured.

      It is possible to use the "/" character as a prefix to access a particular field value in the same domain type. In this case "/name" references the value of the name field. Please note that update operations will require the full object to resolve those values.

      Returns:
      the Key Alternate Name if set or an empty String.
      Default:
      ""

    • value

      @AliasFor(annotation=org.springframework.data.convert.ValueConverter.class, value="value") Class<? extends PropertyValueConverter> value
      The EncryptingConverter type handling the en-/decryption of the annotated property.
      Returns:
      the configured EncryptingConverter. A MongoEncryptionConverter by default.
      Default:
      org.springframework.data.mongodb.core.convert.encryption.MongoEncryptionConverter.class