-
Type:
Improvement
-
Resolution: Fixed
-
Priority:
Unknown
-
Affects Version/s: None
-
Component/s: None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Mongoid users should be able to declare CSFLE schema in Mongoid document. The following Ruby code:
class Patient include Mongoid::Document encrypt_metadata: { key_id: "uuid of your Data Encryption Key" } field :medical_records, type: Array, encrypt: { deterministic: false } field :blood_type, type: String, encrypt: { deterministic: false } field :ssn, type: Integer, encrypt: { deterministic: true } embeds_one :insurance end class Insurance include Mongoid::Document field :policy_number, type: Integer, encrypt: { deterministic: true } embedded_in :patient end
should generate the following schema:
{ "medicalRecords.patients": { "bsonType": "object", "encryptMetadata": { "keyId": [UUID("<_id of your Data Encryption Key>" )] }, "properties": { "insurance": { "bsonType": "object", "properties": { "policyNumber": { "encrypt": { "bsonType": "int", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" } } } }, "medical_records": { "encrypt": { "bsonType": "array", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" } }, "blood_type": { "encrypt": { "bsonType": "string", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random" } }, "ssn": { "encrypt": { "bsonType": "int", "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic" } } } } }
The generated schema should be in a format (or be able to be serialised to) a format that is required by the driver – see https://www.mongodb.com/docs/ruby-driver/current/reference/client-side-encryption/#schema-map