Improve field encryption usability with attributes/API


    • Type: New Feature
    • Resolution: Done
    • Priority: Unknown
    • 3.5.0
    • Affects Version/s: None
    • Component/s: None
    • Fully Compatible
    • Dotnet Drivers
    • Needed

      We added a builder to be used to build CSFLE schemas. 
      For example:

       

          var builder = CsfleSchemaBuilder.Create(schemaBuilder =>
          {
              schemaBuilder.Encrypt<Patient>(_collectionNamespace, builder =>
              {
                  builder
                      // Data key applied to the rules below
                      .EncryptMetadata(keyId: _keyId)
                      // Individual fields, selected by expression or by element name
                      .Property(p => p.MedicalRecords, BsonType.Array,
                          EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random)
                      .Property("bloodType", BsonType.String,
                          algorithm: EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random)
                      .Property(p => p.Ssn, BsonType.Int32,
                          EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
                      // Fields of the nested Insurance document
                      .Property(p => p.Insurance, innerBuilder =>
                      {
                          innerBuilder
                              .Property(i => i.PolicyNumber, BsonType.Int32,
                                  EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic);
                      })
                      // Fields selected by a regular expression on the element name
                      .PatternProperty("_PIIString$", BsonType.String,
                          EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
                      .PatternProperty("_PIIArray$", BsonType.Array,
                          EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Random)
                      .PatternProperty(p => p.Insurance, innerBuilder =>
                      {
                          innerBuilder
                              .PatternProperty("_PIIString$", BsonType.String,
                                  EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic)
                              .PatternProperty("_PIINumber$", BsonType.Int32,
                                  algorithm: EncryptionAlgorithm.AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic);
                      });
              });
          });

          var schema = builder.Build();

      More examples can be found in CsfleSchemaBuilderTests.cs. 

      I don't think we need to explain the whole API in the documentation, but we should at least mention it and show an example. 


      If you wish to use CSFLE with MongoDB C# today you need to manually generate a schema which is then attached to the MongoClient in order that the fields are correctly encrypted and decrypted.

      We should consider a new FieldEncryption attribute that optionally takes:

      • a data key (GUID)
      • a BSON type for storage
      • an AES encryption enum to determine RANDOM or DETERMINISTIC

      We should also consider whether we want to have attributes and/or an API in order to set the data key at a higher level (e.g. collection) in order to reduce repetition.
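
For comparison, a hand-written schema of the kind the description refers to, covering a subset of the fields in the builder example. This is an added example, not code from the ticket or the driver; the element names, key id and namespace are assumptions.

```csharp
using System;
using System.Collections.Generic;
using MongoDB.Bson;
using MongoDB.Bson.IO;

// Constructed placeholders, not values from the ticket.
var keyId = Guid.Parse("00000000-0000-0000-0000-000000000001");
const string collectionNamespace = "medicalRecords.patients";

const string RandomAlg = "AEAD_AES_256_CBC_HMAC_SHA_512-Random";
// Deterministic: equal plaintexts give equal ciphertexts, so equality
// queries work, at the cost of revealing which documents share a value.
const string DeterministicAlg = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic";

// One "encrypt" rule in the JSON Schema dialect used by automatic encryption.
static BsonDocument Encrypt(string bsonType, string algorithm) =>
    new BsonDocument("encrypt", new BsonDocument
    {
        { "bsonType", bsonType },
        { "algorithm", algorithm }
    });

var patientSchema = new BsonDocument
{
    { "bsonType", "object" },
    // Collection-level default data key, inherited by every rule below.
    { "encryptMetadata", new BsonDocument("keyId",
        new BsonArray { new BsonBinaryData(keyId, GuidRepresentation.Standard) }) },
    { "properties", new BsonDocument
        {
            { "medicalRecords", Encrypt("array", RandomAlg) },
            { "bloodType", Encrypt("string", RandomAlg) },
            { "ssn", Encrypt("int", DeterministicAlg) },
            { "insurance", new BsonDocument
                {
                    { "bsonType", "object" },
                    { "properties", new BsonDocument(
                        "policyNumber", Encrypt("int", DeterministicAlg)) }
                } }
        } },
    { "patternProperties", new BsonDocument
        {
            { "_PIIString$", Encrypt("string", DeterministicAlg) },
            { "_PIIArray$", Encrypt("array", RandomAlg) }
        } }
};

// The schema map handed to auto-encryption is keyed by "database.collection".
var schemaMap = new Dictionary<string, BsonDocument> { [collectionNamespace] = patientSchema };
Console.WriteLine(schemaMap[collectionNamespace].ToJson(new JsonWriterSettings { Indent = true }));
```

Because every type and algorithm here is a string literal, a typo in a name or an algorithm is not caught at compile time.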

              Assignee:
              Ferdinando Papale
              Reporter:
              Damien Guard