mongoose-encryption
mongoose-encryption copied to clipboard
joegoldbeck
Readme lacks the explanation on how to remove the library and decrypt the db
Hi, I decided to stop using this lib in my project, but I already have encrypted my db. I didn't find any explanation on how to delete the library and decrypt the database. So I guess it should be added to the Readme.
You're right! That should be added. In the interim, the way to do it would be to set encryptedFields to be an empty array, and then find and save each document.
Something along the lines of,
yourSchema.plugin(encrypt, { encryptionKey: encKey, signingKey: sigKey, encryptedFields: [] });
and then find all documents and save each individually with the .save instance method.
They'll get decrypted on the fly in the find and then saved without re-encrypting any fields. Obviously test this locally/in a staging environment first, and then when you do it production, confirm that this worked by looking in Mongo before removing the plugin. I haven't run through the process with this version of the plugin yet myself.
Agreed though, there should be a test for this, and also an item in the readme, so leaving open the ticket for that
hi @joegoldbeck i am heavily considering using this lib. i have a few questions if you don't mind.
- tried your instructions in the readme, but not all the fields were encrypted. only 2 of them with _ct something. shouldnt the default be to encrypt all fields? or should the fields be explicitly specified in the array
- my db already has existing documents, is it possible to encrypt them still? rather than starting with an empty db?
Hi @chitgoks thanks for reaching out. Probably this makes sense as a new issue rather than addendum in an unrelated one, but:
- All fields should be encrypted by default, yes
- Yes this is possible. See https://github.com/joegoldbeck/mongoose-encryption#getting-started-with-an-existing-collection
You're right! That should be added. In the interim, the way to do it would be to set encryptedFields to be an empty array, and then find and save each document.
Something along the lines of,
yourSchema.plugin(encrypt, { encryptionKey: encKey, signingKey: sigKey, encryptedFields: [] });and then find all documents and save each individually with the.saveinstance method.They'll get decrypted on the fly in the find and then saved without re-encrypting any fields. Obviously test this locally/in a staging environment first, and then when you do it production, confirm that this worked by looking in Mongo before removing the plugin. I haven't run through the process with this version of the plugin yet myself.
Agreed though, there should be a test for this, and also an item in the readme, so leaving open the ticket for that
This is not working for me for some reason, I tried with top-level fields and with sub-document fields as well.
If I just remove the field from the encryptedFields and find all the documents and save them individually. They just all save without that field in place.
You're right! That should be added. In the interim, the way to do it would be to set encryptedFields to be an empty array, and then find and save each document.
Something along the lines of,
yourSchema.plugin(encrypt, { encryptionKey: encKey, signingKey: sigKey, encryptedFields: [] });and then find all documents and save each individually with the.saveinstance method.They'll get decrypted on the fly in the find and then saved without re-encrypting any fields. Obviously test this locally/in a staging environment first, and then when you do it production, confirm that this worked by looking in Mongo before removing the plugin. I haven't run through the process with this version of the plugin yet myself.
Agreed though, there should be a test for this, and also an item in the readme, so leaving open the ticket for that
I am trying to do the same, please let me know if you found out how to get it done
I just didn't use the lib all together. I just need to encrypt a single field inside a document in an array. So It was better to use crypto lib and work with that.