Demo MongoDB Client-Side Field Level Encryption. Uses Golang + Ubuntu in a Docker container.
Note: The Dockerfile contains all environment dependencies to run this demo.
-
Add values to required variables specified in
env.list.example
and rename the file toenv.list
- Need to have a MongoDB deployment running, if not, delopoy a free one in Atlas and grab the connection string
- Need to have AWS KMS configured
-
Run the following:
docker run --rm -it -p 8888:8888 -p 27020:27020 --env-file env.list --hostname fle nullstring/mongo-fle-demo
{
"_id": "string",
"name":"string",
"message": "string"
}
Note: message
is encrypted/decrypted if inserted/read via /foo else as-is.
-
POST /foo
-- Inserts a validfoobar
document to thetutorial.foobar
namespace and encrypts themessage
field. -
GET /foo/{id}
-- Reads afoobar
document with matchingid
and attempts to decrypt themessage
field. -
POST /bar
-- Inserts a validfoobar
document to thetutorial.foobar
namespace. (sans encryption) -
GET /bar/{id}
-- Reads afoobar
document with matchingid
as-is. (sans decryption)
Import Postman collection.
For debugging/ad-hoc testing:
git clone https://github.com/desteves/fle.git
cd fle
docker run --rm -it -v $PWD:/go/src/github.com/desteves/fle --entrypoint /bin/bash -p 8777:8888 -p 27020:27020 --env-file env.list --hostname fle-testing nullstring/mongo-fle-demo
go build -tags cse main.go
./main