sebsto / mongo-client-side-encryption

a sample code to show how to use AWS KMS and IAM Roles with MongoDB Client-Side Field Level Encryption


This is a sample application demonstrating MongoDB Client-Side Field Level Encryption with AWS KMS. To get started,

  1. create an AWS KMS master key (see aws_cli/kms.sh)
  2. create an AWS IAM role allowing this app to encrypt / decrypt data keys (see aws_cli/iam.sh)
  3. rename 00_sharedconst.js.SECRETS to 00_sharedconst.js
  4. update the 6 constants at the top of that file (see instructions in the file)
  5. install the Node.js dependencies (npm install)

Create a data key

node 01_createkey.js

Verify data keys

Update 02_verifykey.js with the Base64 key id printed by the previous step

node 02_verifykey.js

Manual field-level encryption with the data key

Encryption is explicit in the code. CSFLE-enabled MongoDB clients automatically decrypt the data.

node 03_manualEncryption.js

Automatic field-level encryption with the data key

Update 04_automaticEncryption.js with the Base64 key id printed by the key creation step

Encryption and decryption are performed automatically by CSFLE-enabled MongoDB clients.

The driver relies on a schema map to describe which fields must be encrypted, with which algorithm and with which key (see 99_schemaHelper.js)

The application requires the mongocryptd daemon to be running on the same machine as the application. Follow the MongoDB mongocryptd documentation for download and installation instructions.

/usr/bin/mongocryptd --fork --logpath /home/ec2-user/mongocryptd.log --pidfilepath /home/ec2-user/mongocryptd.pid
node 04_automaticEncryption.js
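The following is an added example, not code from this repository: it builds the kind of schema map 99_schemaHelper.js is described as providing, from the Base64 data key id printed by 01_createkey.js, and rejects field specifications libmongocrypt would refuse (a key id that is not a 16-byte UUID, an unknown algorithm, or deterministic encryption on a bsonType such as bool, where the few possible ciphertexts would expose the plaintext). The `makeUuid` parameter and the sample key id are assumptions of this example; with the driver, pass `buf => new Binary(buf, 4)` from the mongodb package.

```javascript
// Added example (not from the sebsto repo): build and sanity-check a CSFLE
// schema map from a Base64 data-key id.
// `makeUuid` wraps the 16 raw key bytes as a BSON Binary of subtype 4 (UUID).
// With the driver use: buf => new (require("mongodb").Binary)(buf, 4)
// The default below is a plain placeholder so this file runs without the driver.
const DETERMINISTIC = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic";
const RANDOM = "AEAD_AES_256_CBC_HMAC_SHA_512-Random";
// bsonTypes CSFLE will not encrypt deterministically (equality-preserving
// ciphertext on these types would leak too much or not round-trip reliably).
const NO_DETERMINISTIC = new Set(["double", "decimal", "bool", "object", "array", "javascriptWithScope"]);
// bsonTypes that cannot be encrypted at all.
const NEVER_ENCRYPTED = new Set(["null", "minKey", "maxKey", "undefined"]);

function decodeKeyId(base64KeyId) {
  const buf = Buffer.from(base64KeyId, "base64");
  if (buf.length !== 16) throw new Error(`data key id must decode to 16 bytes, got ${buf.length}`);
  return buf;
}

function buildSchemaMap(namespace, base64KeyId, fields, makeUuid = buf => ({ subType: 4, bytes: buf })) {
  const properties = {};
  for (const [name, spec] of Object.entries(fields)) {
    if (![DETERMINISTIC, RANDOM].includes(spec.algorithm)) throw new Error(`${name}: unknown algorithm`);
    if (NEVER_ENCRYPTED.has(spec.bsonType)) throw new Error(`${name}: ${spec.bsonType} cannot be encrypted`);
    if (spec.algorithm === DETERMINISTIC && NO_DETERMINISTIC.has(spec.bsonType))
      throw new Error(`${name}: ${spec.bsonType} cannot be encrypted deterministically; use random`);
    properties[name] = { encrypt: { bsonType: spec.bsonType, algorithm: spec.algorithm } };
  }
  return {
    [namespace]: {
      bsonType: "object",
      // Collection-level key: every encrypted field below uses this data key.
      encryptMetadata: { keyId: [makeUuid(decodeKeyId(base64KeyId))] },
      properties,
    },
  };
}

// Constructed sample key id (16 bytes of 0xab), not a real key.
const SAMPLE_KEY_ID = Buffer.alloc(16, 0xab).toString("base64");
const sample = buildSchemaMap("test.patients", SAMPLE_KEY_ID, {
  ssn:   { bsonType: "string", algorithm: DETERMINISTIC }, // queried by equality
  notes: { bsonType: "string", algorithm: RANDOM },        // never queried: random
});
```

Pass the resulting object as `autoEncryption.schemaMap` when constructing the MongoClient; deterministic fields stay queryable by equality but reveal which documents share a value, so reserve that algorithm for high-entropy identifiers you actually filter on.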

Errors or feedback?

Please raise an issue.


License: Apache License 2.0
