Annotation Interface ExplicitEncrypted
ExplicitEncrypted
is a field
level ValueConverter
annotation that indicates
the target element is subject to encryption during the mapping process, in which a given domain type is converted
into the store specific format.
The value()
attribute, defines the bean type to look up within the
ApplicationContext
to obtain the EncryptingConverter
responsible for the
actual en-/decryption while algorithm()
and keyAltName()
can be used to define aspects
of the encryption process.
public class Patient { private ObjectId id; private String name; @ExplicitEncrypted(algorithm = AEAD_AES_256_CBC_HMAC_SHA_512_Random, keyAltName = "secred-key-alternative-name") // private String ssn; }
- Since:
- 4.1
- Author:
- Christoph Strobl
- See Also:
-
Optional Element Summary
Modifier and TypeOptional ElementDescriptionDefine the algorithm to use.Set the Key Alternate Name that references the Data Encryption Key to be used.Class<? extends PropertyValueConverter>
TheEncryptingConverter
type handling the en-/decryption of the annotated property.
-
Element Details
-
algorithm
Define the algorithm to use.A Deterministic algorithm ensures that a given input value always encrypts to the same output while a randomized one will produce different results every time.
Please make sure to use an algorithm that is in line with MongoDB's encryption rules for simple types, complex objects and arrays as well as the query limitations that come with each of them.
- Returns:
- the string representation of the encryption algorithm to use.
- See Also:
- Default:
- ""
-
keyAltName
String keyAltNameSet the Key Alternate Name that references the Data Encryption Key to be used.An empty String indicates that no alternative key name was configured.
It is possible to use the "/" character as a prefix to access a particular field value in the same domain type. In this case
"/name"
references the value of the name field. Please note that update operations will require the full object to resolve those values.- Returns:
- the Key Alternate Name if set or an empty
String
.
- Default:
- ""
-
value
@AliasFor(annotation=org.springframework.data.convert.ValueConverter.class, value="value") Class<? extends PropertyValueConverter> valueTheEncryptingConverter
type handling the en-/decryption of the annotated property.- Returns:
- the configured
EncryptingConverter
. AMongoEncryptionConverter
by default.
- Default:
- org.springframework.data.mongodb.core.convert.encryption.MongoEncryptionConverter.class
-