    @Documented
    @Retention(value=RUNTIME)
    @Target(value={TYPE,FIELD})
    public @interface Encrypted

Encrypted provides data required for MongoDB Client Side Field Level Encryption that is applied during schema
resolution. It can be applied at the top level (typically to types annotated with Document) to provide the
encryptMetadata.

    @Document
    @Encrypted(keyId = "4fPYFM9qSgyRAjgQ2u+IMQ==")
    public class Patient {
        private ObjectId id;
        private String name;

        @Field("publisher_ac")
        @DocumentReference(lookup = "{ 'acronym' : ?#{#target} }") private Publisher publisher;
    }

    "encryptMetadata": {
      "keyId": [
        {
          "$binary": {
            "base64": "4fPYFM9qSgyRAjgQ2u+IMQ==",
            "subType": "04"
          }
        }
      ]
    }

On property level it is used for deriving field-specific encrypt settings.

    public class Patient {
        private ObjectId id;
        private String name;

        @Encrypted(keyId = "4fPYFM9qSgyRAjgQ2u+IMQ==", algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
        private String ssn;
    }

    "ssn" : {
      "encrypt": {
        "keyId": [
          {
            "$binary": {
              "base64": "4fPYFM9qSgyRAjgQ2u+IMQ==",
              "subType": "04"
            }
          }
        ],
        "algorithm" : "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
        "bsonType" : "string"
      }
    }

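An added example, not part of the Spring Data MongoDB documentation: a Python check that lints a schema of the shape shown above. It resolves each keyId as the keyId() contract requires (UUID text or base64 of the UUID bytes) and reports encrypted fields that have neither their own nor an encryptMetadata-inherited keyId or algorithm. The function names, the merged sample schema and its "notes" field are assumptions of the example, as is the "-Random" algorithm name, which MongoDB defines but this page does not mention; keyId is assumed to use the Extended JSON array form shown above.

```python
import base64
import uuid

# Algorithm names defined for MongoDB client-side field level encryption.
_AEAD = "AEAD_AES_256_CBC_HMAC_SHA_512-"
ALGORITHMS = {_AEAD + "Deterministic", _AEAD + "Random"}

def parse_key_id(value):
    """Resolve a keyId string: UUID text, or base64 of the 16 UUID bytes."""
    try:
        return uuid.UUID(value)
    except ValueError:
        pass  # not UUID text, try base64 next
    raw = base64.b64decode(value, validate=True)  # ValueError on bad input
    if len(raw) != 16:
        raise ValueError(f"keyId decodes to {len(raw)} bytes, expected 16")
    return uuid.UUID(bytes=raw)

def check_schema(schema):
    """List fields whose effective encrypt settings are incomplete or malformed."""
    problems = []
    inherited = schema.get("encryptMetadata", {})
    for name, prop in schema.get("properties", {}).items():
        if "encrypt" not in prop:
            continue  # plaintext field, nothing to check
        effective = {**inherited, **prop["encrypt"]}  # field-level values win
        key_ids = effective.get("keyId") or []
        if not key_ids:
            problems.append(f"{name}: no keyId set or inherited")
        for entry in key_ids:
            binary = entry.get("$binary", {})
            if binary.get("subType") != "04":
                problems.append(f"{name}: keyId is not a UUID (subType 04)")
            try:
                parse_key_id(binary.get("base64", ""))
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
        if effective.get("algorithm") not in ALGORITHMS:
            problems.append(f"{name}: missing or unknown algorithm")
    return problems

# Constructed sample: page fragments merged, plus a hypothetical "notes" field.
KEY = {"$binary": {"base64": "4fPYFM9qSgyRAjgQ2u+IMQ==", "subType": "04"}}
SAMPLE = {"type": "object", "encryptMetadata": {"keyId": [KEY]}, "properties": {
    "name": {"type": "string"},
    "ssn": {"encrypt": {"bsonType": "string", "algorithm": _AEAD + "Deterministic"}},
    "notes": {"encrypt": {"bsonType": "string"}}}}

if __name__ == "__main__":
    print(check_schema(SAMPLE))
```

Running such a check over the generated schema before handing it to the driver catches a field that would otherwise be rejected or left without usable encrypt settings.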
public abstract String[] keyId

The keyId to use. The value must resolve to either the UUID representation of the key or a base64
encoded value representing the UUID value.

On ElementType.TYPE level the keyId() can be left empty if explicitly set for fields.
On ElementType.FIELD level the keyId() can be left empty if inherited from encryptMetadata.

The key id may contain a parsable expression. In this case the #target variable will hold the target element name.

public abstract String algorithm

On ElementType.TYPE level the algorithm() can be left empty if explicitly set for fields.
On ElementType.FIELD level the algorithm() can be left empty if inherited from encryptMetadata.

See also: EncryptionAlgorithms

Copyright © 2011–2022 Pivotal Software, Inc. All rights reserved.