Supply more useful variables to @Encrypted keyId SpEL expression #4304

Open
@hellproxy

The keyId SpEL expression for the @Encrypted annotation is great for avoiding hard-coding of encryption key ids. See docs here. Example:

@Document
@Encrypted(keyId = "#{mongocrypt.keyId(#target)}")
static class Patient {

    @Id String id;
    String name;

    @Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Random")
    String bloodType;

    @Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
    Integer ssn;
}

However, the value bound to #target isn't particularly useful; it's just the simple class name (minus the package!) of the annotated class. See this line:

ctx.setVariable("target", getType().getSimpleName());

This limits the usefulness of the SpEL expression, especially in scenarios where users might want to use different encryption keys for different collections.

A simple but impactful enhancement would be to bind collection as a variable:

ctx.setVariable("collection", getCollection());

Curious to hear people's thoughts on this.
