Skip to content
This repository has been archived by the owner on Oct 7, 2024. It is now read-only.

Latest commit

 

History

History
62 lines (44 loc) · 2.59 KB

README.md

File metadata and controls

62 lines (44 loc) · 2.59 KB

MongoDB Field Level Encryption (FLE) Tutorial/Demo

Demo MongoDB Client-Side Field Level Encryption. Uses Golang + Ubuntu in a Docker container.

Run

Note: The Dockerfile contains all environment dependencies to run this demo.

  1. Add values to required variables specified in env.list.example and rename the file to env.list

    • Need to have a MongoDB deployment running, if not, delopoy a free one in Atlas and grab the connection string
    • Need to have AWS KMS configured
  2. Run the following:

docker run --rm  -it  -p 8888:8888 -p 27020:27020 --env-file env.list --hostname fle  nullstring/mongo-fle-demo

foobar document

{
    "_id": "string",
    "name":"string",
    "message": "string" 
}

Note: message is encrypted/decrypted if inserted/read via /foo else as-is.

Endpoints

  • POST /foo -- Inserts a valid foobar document to the tutorial.foobar namespace and encrypts the message field.

  • GET /foo/{id} -- Reads a foobar document with matching id and attempts to decrypt the message field.

  • POST /bar -- Inserts a valid foobar document to the tutorial.foobar namespace. (sans encryption)

  • GET /bar/{id} -- Reads a foobar document with matching id as-is. (sans decryption)

Test

Import Postman collection.

For debugging/ad-hoc testing:

git clone https://github.com/desteves/fle.git
cd fle
docker run --rm -it -v $PWD:/go/src/github.com/desteves/fle --entrypoint /bin/bash -p 8777:8888  -p 27020:27020 --env-file env.list --hostname fle-testing nullstring/mongo-fle-demo
go build -tags cse main.go
./main

References