Created
August 29, 2020 14:00
-
-
Save florianbepunkt/29c2223a13cf671344c664a2c545bd89 to your computer and use it in GitHub Desktop.
MongoDB Client-Side Field Level Encryption with Lambda - Not working example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const { Binary, MongoClient } = require("mongodb"); | |
| const path = require("path"); | |
| const connectionString = | |
| "mongodb+srv://OMMITED.mongodb.net/yourDatabase?retryWrites=true&w=majority"; | |
| const keyVaultNamespace = "yourDatabase.__keyVault"; | |
| const base64KeyId = "OMITTED"; | |
| const createSchema = () => { | |
| return { | |
| "yourDatabase.test": { | |
| bsonType: "object", | |
| encryptMetadata: { | |
| keyId: [new Binary(Buffer.from(base64KeyId, "base64"), 4)], | |
| }, | |
| properties: { | |
| foo: { | |
| encrypt: { | |
| bsonType: "string", | |
| algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic", | |
| }, | |
| }, | |
| }, | |
| }, | |
| }; | |
| }; | |
| const kmsProviders = { | |
| aws: { | |
| accessKeyId: "OMITTED", | |
| secretAccessKey: "OMITTED", | |
| }, | |
| }; | |
| module.exports.hello = async (event) => { | |
| const secureClient = new MongoClient(connectionString, { | |
| connectTimeoutMS: 7000, | |
| useNewUrlParser: true, | |
| useUnifiedTopology: true, | |
| autoEncryption: { | |
| keyVaultNamespace, | |
| kmsProviders, | |
| schemaMap: createSchema() | |
| }, | |
| }); | |
| await secureClient.connect(); | |
| const collection = secureClient.db("development").collection("test"); | |
| await collection.insertOne({ | |
| foo: "bar", | |
| }); | |
| const resp = await collection.find({}).toArray(); | |
| return { | |
| statusCode: 200, | |
| body: JSON.stringify(resp), | |
| }; | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment