Annotation Interface Encrypted
Encrypted provides data required for MongoDB Client Side Field Level Encryption that is applied during schema resolution. It can be applied on top level (typically those types annotated with Document) to provide the encryptMetadata.

    @Document
    @Encrypted(keyId = "4fPYFM9qSgyRAjgQ2u+IMQ==")
    public class Patient {
        private ObjectId id;
        private String name;

        @Field("publisher_ac")
        @DocumentReference(lookup = "{ 'acronym' : ?#{#target} }")
        private Publisher publisher;
    }

    "encryptMetadata": {
      "keyId": [
        {
          "$binary": {
            "base64": "4fPYFM9qSgyRAjgQ2u+IMQ==",
            "subType": "04"
          }
        }
      ]
    }

On property level it is used for deriving field specific encrypt settings.

    public class Patient {
        private ObjectId id;
        private String name;

        @Encrypted(keyId = "4fPYFM9qSgyRAjgQ2u+IMQ==", algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
        private String ssn;
    }

    "ssn" : {
      "encrypt": {
        "keyId": [
          {
            "$binary": {
              "base64": "4fPYFM9qSgyRAjgQ2u+IMQ==",
              "subType": "04"
            }
          }
        ],
        "algorithm" : "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
        "bsonType" : "string"
      }
    }

Since: 3.3
Author: Christoph Strobl

Element Details

keyId
String[] keyId

Get the keyId to use. The value must resolve to either the UUID representation of the key or a base64 encoded value representing the UUID value.
On ElementType.TYPE level the keyId() can be left empty if explicitly set for fields.
On ElementType.FIELD level the keyId() can be left empty if inherited from encryptMetadata.

Returns: the key id to use. May contain a parsable expression. In this case the #target variable will hold the target element name.
Default: {}

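The two accepted spellings of keyId described above (UUID text, or base64 of the UUID bytes) name the same 16 bytes. The following added example is not part of the Spring Data documentation or code base and uses only the JDK; it converts between the two forms, renders the "$binary" subType 04 form shown in the schema fragments, and rejects values that do not decode to a 16-byte UUID. The class and method names (KeyIdCheck, parseKeyId, toBase64, toExtendedJson) are hypothetical.

```java
import java.nio.ByteBuffer;
import java.util.Base64;
import java.util.UUID;
import java.util.regex.Pattern;

// Added example (JDK only, not Spring Data code): normalise a keyId string to a
// UUID and render the "$binary" form used in the generated schema.
public class KeyIdCheck {

    private static final Pattern CANONICAL_UUID = Pattern.compile(
            "[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}");

    // Accepts the canonical UUID text form or base64 of the 16 raw UUID bytes.
    static UUID parseKeyId(String keyId) {
        if (CANONICAL_UUID.matcher(keyId).matches()) {
            return UUID.fromString(keyId);
        }
        byte[] raw = Base64.getDecoder().decode(keyId); // IllegalArgumentException on bad base64
        if (raw.length != 16) {
            throw new IllegalArgumentException("keyId must decode to 16 bytes, got " + raw.length);
        }
        ByteBuffer buf = ByteBuffer.wrap(raw); // big-endian, matching binary subtype 04
        return new UUID(buf.getLong(), buf.getLong());
    }

    static String toBase64(UUID uuid) {
        ByteBuffer buf = ByteBuffer.allocate(16);
        buf.putLong(uuid.getMostSignificantBits()).putLong(uuid.getLeastSignificantBits());
        return Base64.getEncoder().encodeToString(buf.array());
    }

    static String toExtendedJson(UUID uuid) {
        return "{ \"$binary\": { \"base64\": \"" + toBase64(uuid) + "\", \"subType\": \"04\" } }";
    }

    public static void main(String[] args) {
        String fromPage = "4fPYFM9qSgyRAjgQ2u+IMQ=="; // keyId used in the examples on this page
        UUID uuid = parseKeyId(fromPage);
        System.out.println("UUID form:   " + uuid);
        System.out.println("schema form: " + toExtendedJson(uuid));
        // Both spellings must name the same key.
        if (!parseKeyId(uuid.toString()).equals(uuid) || !toBase64(uuid).equals(fromPage)) {
            throw new AssertionError("keyId forms disagree");
        }
        try {
            parseKeyId("c2hvcnQ="); // constructed input: valid base64, but only 5 bytes
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running a check like this over configured keyId values before deployment catches a malformed value early, instead of at schema resolution or at the first encrypted write.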
algorithm
String algorithm

Set the algorithm to use.
On ElementType.TYPE level the algorithm() can be left empty if explicitly set for fields.
On ElementType.FIELD level the algorithm() can be left empty if inherited from encryptMetadata.

Returns: the encryption algorithm.
Default: ""