Type: Improvement
Resolution: Fixed
Priority: Unknown
Affects Version/s: None
Component/s: None
Mongoid users should be able to declare a CSFLE schema in a Mongoid document. The following Ruby code:
    class Patient
      include Mongoid::Document

      encrypt_metadata: { key_id: "uuid of your Data Encryption Key" }

      field :medical_records, type: Array, encrypt: { deterministic: false }
      field :blood_type, type: String, encrypt: { deterministic: false }
      field :ssn, type: Integer, encrypt: { deterministic: true }

      embeds_one :insurance
    end

    class Insurance
      include Mongoid::Document

      field :policy_number, type: Integer, encrypt: { deterministic: true }

      embedded_in :patient
    end
should generate the following schema:
    {
      "medicalRecords.patients": {
        "bsonType": "object",
        "encryptMetadata": {
          "keyId": [UUID("<_id of your Data Encryption Key>")]
        },
        "properties": {
          "insurance": {
            "bsonType": "object",
            "properties": {
              "policyNumber": {
                "encrypt": {
                  "bsonType": "int",
                  "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
                }
              }
            }
          },
          "medical_records": {
            "encrypt": {
              "bsonType": "array",
              "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
            }
          },
          "blood_type": {
            "encrypt": {
              "bsonType": "string",
              "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
            }
          },
          "ssn": {
            "encrypt": {
              "bsonType": "int",
              "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
            }
          }
        }
      }
    }
The generated schema should be in (or be serialisable to) the format required by the driver; see https://www.mongodb.com/docs/ruby-driver/current/reference/client-side-encryption/#schema-map
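The mapping requested above can be sketched in plain Ruby, as an added example that is not Mongoid's code or the eventual implementation: class-level declarations are collected and folded into the schema-map hash, with embedded classes nested under their parent. Assumptions: `EncryptedSchema`, `encrypt_schema` and the explicit class argument to `embeds_one` are hypothetical, `encrypt_metadata` is written as an ordinary method call, property names are emitted exactly as declared, and the key id stays a placeholder string where a real schema map carries a BSON UUID.

```ruby
require "json"

# Hypothetical stand-in for the proposed DSL (plain Ruby, not Mongoid code).
module EncryptedSchema
  BSON_TYPES = { Array => "array", String => "string", Integer => "int" }.freeze
  ALGORITHM = "AEAD_AES_256_CBC_HMAC_SHA_512-"

  def encrypt_metadata(key_id:)
    @key_id = key_id
  end

  def field(name, type:, encrypt: nil)
    return unless encrypt # unencrypted fields stay out of the schema
    bson = BSON_TYPES.fetch(type)
    mode = encrypt[:deterministic] ? "Deterministic" : "Random"
    # CSFLE does not support deterministic encryption of array values.
    raise ArgumentError, "#{name}: deterministic array" if mode == "Deterministic" && bson == "array"
    (@properties ||= {})[name.to_s] =
      { "encrypt" => { "bsonType" => bson, "algorithm" => ALGORITHM + mode } }
  end

  def embeds_one(name, klass)
    (@embedded ||= {})[name.to_s] = klass
  end

  # JSON-schema fragment for this class, with embedded classes nested under it.
  def encrypt_schema
    nested = (@embedded || {}).transform_values(&:encrypt_schema)
    schema = { "bsonType" => "object" }
    schema["encryptMetadata"] = { "keyId" => [@key_id] } if @key_id
    schema.merge("properties" => (@properties || {}).merge(nested))
  end
end

class Insurance
  extend EncryptedSchema
  field :policy_number, type: Integer, encrypt: { deterministic: true }
end

class Patient
  extend EncryptedSchema
  encrypt_metadata key_id: "<_id of your Data Encryption Key>" # placeholder
  field :medical_records, type: Array, encrypt: { deterministic: false }
  field :blood_type, type: String, encrypt: { deterministic: false }
  field :ssn, type: Integer, encrypt: { deterministic: true }
  embeds_one :insurance, Insurance
end

SCHEMA_MAP = { "medicalRecords.patients" => Patient.encrypt_schema }
puts JSON.pretty_generate(SCHEMA_MAP)
```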