[JAVA-3317] Add basic client-side encryption to the reference documentation Created: 11/Jun/19  Updated: 28/Oct/23  Resolved: 18/Jun/19

Status: Closed
Project: Java Driver
Component/s: Documentation
Affects Version/s: None
Fix Version/s: 3.11.0

Type: Improvement Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Ross Lawley
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: Client-side FLE

 Description   

Documentation should include:

  • Installation instructions 
    • libmongocrypt
    • mongocryptd assumptions and configuration
  • Links to main docs page describing JSON schema, AWS KMS (when it exists), and key creation
  • Code sample for enabling auto encryption (assume encryption key already exists). Note that this is enterprise-only.
  • Code sample containing a client-side schema map
  • Code sample demonstrating explicit encryption/decryption. Note that this is community version.
     


 Comments   
Comment by Githook User [ 18/Jun/19 ]

Author:

{'name': 'Ross Lawley', 'email': 'ross.lawley@gmail.com', 'username': 'rozza'}

Message: Docs: Added initial FLE documentation

JAVA-3317
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/36ab5e15ad2a8c764a1664d23b06a0a715ed0c1c

Comment by Jeffrey Yemin [ 11/Jun/19 ]

Simple test app (assumes key is created, schema is on server:

 
import com.mongodb.AutoEncryptionSettings;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.MongoClients;
import org.bson.Document;
 
import java.security.SecureRandom;
import java.util.Map;
 
public class ClientSideEncryptionSimpleTest {
 public static void main(String[] args) {
 // This would have to be the same master key as was used to create the encryption key
 var localMasterKey = new byte[96];
 new SecureRandom().nextBytes(localMasterKey);
 
 var kmsProviders = Map.of("local",
 Map.<String, Object>of("key", localMasterKey));
 var keyVaultNamespace = "admin.datakeys";
 
 var autoEncryptionSettings =
 AutoEncryptionSettings.builder()
 .keyVaultNamespace(keyVaultNamespace)
 .kmsProviders(kmsProviders)
 .build();
 var clientSettings = MongoClientSettings.builder()
 .autoEncryptionSettings(autoEncryptionSettings)
 .build();
 
 var client = MongoClients.create(clientSettings);
 var collection = client.getDatabase("test").getCollection("coll");
 collection.drop();
 
 collection.insertOne(new Document("encryptedField", "123456789"));
 
 System.out.println(collection.find().first().toJson());
 }
}

Generated at Thu Feb 08 08:59:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.