{"id":20375664,"url":"https://github.com/bruce-mig/csfle-mongo-enterprise","last_synced_at":"2025-10-05T02:23:24.236Z","repository":{"id":259729884,"uuid":"879300209","full_name":"bruce-mig/csfle-mongo-enterprise","owner":"bruce-mig","description":"Client Side Field Level Encryption on enterprise cluster","archived":false,"fork":false,"pushed_at":"2025-07-25T11:14:27.000Z","size":47,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-25T15:19:36.699Z","etag":null,"topics":["csfle","encryption-decryption","hashicorp-vault","hcl","mongodb-enterprise"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bruce-mig.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-27T14:49:18.000Z","updated_at":"2025-07-25T11:14:28.000Z","dependencies_parsed_at":"2025-01-15T06:15:22.486Z","dependency_job_id":null,"html_url":"https://github.com/bruce-mig/csfle-mongo-enterprise","commit_stats":null,"previous_names":["bruce-mig/csfle-mongo-enterprise"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bruce-mig/csfle-mongo-enterprise","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bruce-mig%2Fcsfle-mongo-enterprise","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bruce-mig%2Fcsfle-mongo-enterprise/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bruce-mig%2Fcsfle-mongo-enterprise/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bruce-mig%2Fcsfle-mongo-enterprise/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bruce-mig","download_url":"https://codeload.github.com/bruce-mig/csfle-mongo-enterprise/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bruce-mig%2Fcsfle-mongo-enterprise/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278399691,"owners_count":25980334,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csfle","encryption-decryption","hashicorp-vault","hcl","mongodb-enterprise"],"created_at":"2024-11-15T01:32:24.620Z","updated_at":"2025-10-05T02:23:24.231Z","avatar_url":"https://github.com/bruce-mig.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Java Spring Boot Template with MongoDB CSFLE.\n\nThis project is a template for a Java Spring Boot application with\n[MongoDB Client-Side Field Level Encryption](https://docs.mongodb.com/manual/core/security-client-side-encryption/)\nusing Spring Data MongoDB.\n\n\nThis repository provides reusable classes and methods to easily implement MongoDB CSFLE in an existing Java Spring Boot\napplication.\n\nHere are a few features in this repository:\n\n- Multiple encrypted collections.\n- Automated JSON Schema generation.\n- Server side JSON Schema.\n- Separated clusters for DEKs and encrypted collections.\n- Automated data encryption keys generation or retrieval.\n- SpEL Evaluation Extension.\n- Auto-implemented repositories.\n- Open API documentation.\n\n# Prerequisites\n\n- Java 21\n- Spring Boot\n- [MongoDB Cluster](https://www.mongodb.com/atlas/database) v7.0.2 or higher.\n- [MongoDB Automatic Encryption Shared Library](https://www.mongodb.com/docs/manual/core/queryable-encryption/reference/shared-library/#download-the-automatic-encryption-shared-library)\n  v7.0.2 or higher.\n\n# Getting Started\n\nUpdate the [application.yaml](src%2Fmain%2Fresources%2Fapplication.yaml) with your\n[MongoDB URIs](https://github.com/MaBeuLux88/mongodb-java-spring-boot-csfle#mongodb) and\n[MongoDB Automatic Encryption Shared library path](https://github.com/bruce-mig/csfle-mongo-enterprise#mongodb-automatic-encryption-shared-library).\n\nFor Linux and macOS.\n\n```bash\n./mvnw spring-boot:run\n```\n\nFor Windows.\n\n```bash\nmvnw.cmd spring-boot:run\n```\n\n## MongoDB\n\nYou can create a new cluster on MongoDB Atlas or, for testing and local development purposes only, you can create an\nephemeral local single node replica set with the following command:\n\n```bash\ndocker run --rm -d -p 27017:27017 -h $(hostname) --name mongo mongodb/mongodb-enterprise-server:latest --replSet=RS \u0026\u0026 \\\nsleep 5 \u0026\u0026 \\\ndocker exec mongo mongosh --quiet --eval \"rs.initiate();\"\n```\n\n\u003e Note: When you are using MongoDB Client-Side Field Level Encryption, you have the opportunity to store the data and\n\u003e the keys in two separate clusters in order to manage the keys independently of the data. You can choose to do so to\n\u003e have a different backup retention policy for your two clusters (interesting for GDPR Article 17 \"Right to erasure\"\n\u003e for instance). For more information,\n\u003e see [Client-Side Field Level Encryption](https://docs.mongodb.com/manual/core/security-client-side-encryption/).\n\n## MongoDB Automatic Encryption Shared Library\n\nMake sure\nto [download](https://www.mongodb.com/docs/manual/core/queryable-encryption/reference/shared-library/#download-the-automatic-encryption-shared-library)\nand extract the shared library in the folder of your choice.\n\n```properties\ncrypt.shared.lib.path=software/mongo_crypt_shared_v1-linux-x86_64-enterprise-ubuntu2204-8.0.3/lib/mongo_crypt_v1.so\n```\n\n# Test REST API\n\n## Swagger 3\n\n- Swagger 3 is already configured in this project.\n- The Swagger UI can be seen\n  at [http://localhost:8080/swagger-ui/index.html](http://localhost:8080/swagger-ui/index.html).\n- The JSON Open API documentation 3.0.1 is at [http://localhost:8080/v3/api-docs](http://localhost:8080/v3/api-docs).\n- The YAML Open API documentation 3.0.1 is\n  at [http://localhost:8080/v3/api-docs.yaml](http://localhost:8080/v3/api-docs.yaml).\n- You can also try the entire REST API directly from the Swagger interface!\n\n## Persons\n\nCreate a `person` document:\n\n```bash\ncurl -X POST http://localhost:8080/person \\\n  -H 'Content-Type: application/json' \\\n  -d '{\n    \"first_name\": \"John\",\n    \"last_name\": \"Doe\",\n    \"ssn\": \"123-45-6789\",\n    \"blood_type\": \"A+\"\n}'\n```\n\nFind all the persons in the database. Note that the decryption is done automatically:\n\n```bash\ncurl http://localhost:8080/persons\n```\n\nFind one person by SSN in the database. Note that the encryption of the SSN (for the search) is done automatically. Same\nfor the decryption:\n\n```bash\ncurl http://localhost:8080/person/ssn/123-45-6789\n```\n\nRead the encrypted data in the `persons` collection:\n\n```bash\nmongosh \"mongodb://localhost/mydb\" --quiet --eval \"db.persons.find()\"\n```\n\nResult in the `persons` collection:\n\n```javascript\n[\n  {\n    _id: ObjectId(\"6537e9859f1b170d4cd25bee\"),\n    firstName: 'John',\n    lastName: 'Doe',\n    ssn: Binary.createFromBase64(\"AflGzaz/YUj6m2aENIoB50MCn1rhDllb79H17xjkUMK2obL7i038eANieCC/nO7AcaPBtpOdtqqPEvNdd9VgnC6l9QaLEIC/5w+CYPujkNxFIA37PrsqMlDeL3AsMuAgTZg=\", 6),\n    bloodType: Binary.createFromBase64(\"AvlGzaz/YUj6m2aENIoB50MCaHTxjCBlPZIck2gstfXB6yFfJ0KISjJJE24k3LXDoTv09GH+cwq+u6ApBuDU5OBkRe/6U8nPRKKcc5nirBLIzg==\", 6),\n    _class: 'com.mongodb.quickstart.javaspringbootcsfle.model.PersonEntity'\n  }\n]\n```\n\n## Companies\n\nCreate a `company` document:\n\n```bash\ncurl -X POST http://localhost:8080/company \\\n  -H 'Content-Type: application/json' \\\n  -d '{\n    \"name\": \"MongoDB\",\n    \"money\": 42\n}'\n```\n\nFind all the companies in the database. Note that the decryption is done automatically:\n\n```bash\ncurl http://localhost:8080/companies\n```\n\nRead the encrypted data in the `companies` collection:\n\n```bash\nmongosh \"mongodb://localhost/mydb\" --quiet --eval \"db.companies.find()\"\n```\n\nResult in the `companies` collection:\n\n```javascript\n[\n  {\n    _id: ObjectId(\"653b1022110ea0067196894d\"),\n    name: 'MongoDB',\n    money: Binary.createFromBase64(\"Au+QLuvvXE+gvw8N69fAbDYSjn2ep7Ye/Ap+N1YdBBuUOhLSpQtK9B7U38dx8xIcMz3sBvfOttqW8AOvRISxFa8a47T422hSnnwgCAjPNifnpA==\", 6),\n    _class: 'com.mongodb.quickstart.javaspringbootcsfle.model.CompanyEntity'\n  }\n]\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbruce-mig%2Fcsfle-mongo-enterprise","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbruce-mig%2Fcsfle-mongo-enterprise","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbruce-mig%2Fcsfle-mongo-enterprise/lists"}