spring-data-couchbase
spring-data-couchbase copied to clipboard
spring-projects
Field Level Encryption [DATACOUCH-455]
Domenico Ursoleo opened DATACOUCH-455 and commented
Couchbase has a Field Level Encryption feature that encrypt field of a Document simply putting the @EncryptField annotation on a field of the document model and addind a CryptoManager to the environment,
With this configuration:
@Configuration
@EnableCouchbaseRepositories(basePackages = { "com.example.demo.db" })
public class MyCouchbaseConfig extends AbstractCouchbaseConfiguration {
@Override
protected CouchbaseEnvironment getEnvironment() {
try {
JceksKeyStoreProvider kp = new JceksKeyStoreProvider("secret");
kp.publicKeyName("mypublickey");
kp.storeKey("mypublickey",
"!mysecretkey#9^5usdk39d&dlf)03sL".getBytes(Charset.forName("UTF-8")));
kp.signingKeyName("HMACsecret");
kp.storeKey("HMACsecret", "myauthpassword".getBytes(Charset.forName("UTF-8")));
AES256CryptoProvider aes256CryptoProvider = new AES256CryptoProvider(kp);
CryptoManager cryptoManager = new CryptoManager();
cryptoManager.registerProvider("MyAESProvider", aes256CryptoProvider);
return
DefaultCouchbaseEnvironment.builder().cryptoManager(cryptoManager).build();
} catch (Exception ex) { return null; } }
}
Given the model
@Document
public class User {
@Id
@GeneratedValue(strategy = GenerationStrategy.UNIQUE)
private String id;
@Field("user")
private String userName;
@EncryptedField(provider = "MyAESProvider")
@Field("pwd")
private String password;
// Setters & getters
}
Persisting it via a simple CrudRepository should encrypt the password like calling the native couchbase java client:
EntityDocument<User> document = EntityDocument.create(user); bucket.repository().upsert(document);
Affects: 3.1.8 (Lovelace SR8)
1 votes, 2 watchers
referenced by https://issues.couchbase.com/browse/JVMCBC-1129
rfc - https://github.com/couchbaselabs/sdk-rfcs/blob/master/rfc/0064-sdk3-field-level-encryption.md
doc - https://docs.couchbase.com/java-sdk/current/howtos/encrypting-using-sdk.html