kennwhite

@kennwhite
kennwhite / hello_world_node.js
Last active Sep 14, 2019
Client Side Field Level Encryption Hello World for Node.js
View hello_world_node.js
// Simple Client-Side Field Level Encryption example for Node.js
// To install: mkdir proj; cp hello_fle_node.js proj; cd proj; npm install mongodb mongodb-client-encryption --save; node hello_fle_node.js
const dbName = 'demoFLE';
const keyCollection = dbName + '.__keystore'
const dataCollection = 'people'
const url = "mongodb+srv://username:password@xxx.example.net/" + dbName; // 'mongodb://localhost'
const AWS_ACCESS_KEY = "AKIxxxxxxxxxxxxxxxxx"
@kennwhite
kennwhite / hello_world_shell_local.js
Last active Oct 16, 2019
MongoDB Client Side Field Level Encryption Quickstart Part 2 (local key version)
View hello_world_shell_local.js
// Simple demonstration using MongoDB Client-Side Field Level Encryption (local key version)
// Requires Community or (preferably) Enterprise Shell and a MongoDB 4.2+ database
// Local, stand-alone, or Atlas MongoDB will all work.
// To use this, just open Mongo shell, with this file, e.g.: mongo localhost --shell hello_world_shell_local.js
// Note, you will need the attached `localkey_config.env` file, see below.
// See: Client-Side Field Level Encryption Quickstart Part 1:
// https://gist.github.com/kennwhite/e64e5b6770e89a797c3a08ecaa0cb7d0
var demoDB = "demoFLE"
@kennwhite
kennwhite / hello_world_shell_kms.js
Last active Oct 16, 2019
MongoDB Client Side Field Level Encryption Quickstart Part 2 (KMS version)
View hello_world_shell_kms.js
// Simple demonstration using MongoDB Client-Side Field Level Encryption (KMS version)
// Requires Community or (preferably) Enterprise Shell and a MongoDB 4.2+ database
// Local, stand-alone, or Atlas MongoDB will all work.
// To use this, just open Mongo shell, with this file, e.g.: `mongo localhost --shell hello_world_shell_kms.js`
// Note, you will need the attached `kms_config.env` file, see below.
// See: Client-Side Field Level Encryption Quickstart Part 1:
// https://gist.github.com/kennwhite/e64e5b6770e89a797c3a08ecaa0cb7d0
var demoDB = "demoFLE"
@kennwhite
kennwhite / client_side_fle_quickstart-part-1.md
Last active Sep 5, 2019
MongoDB Client-Side Field Level Encryption Quickstart Part 1
View client_side_fle_quickstart-part-1.md

Client-Side Field Level Encryption Quickstart Part 1

Note: See KMS Best Practices guide for more specific guidance:

You should work to ensure that the corresponding key policies follow a model of least privilege. This includes ensuring that you do NOT include kms:* permissions in an IAM policy.

Note: This tutorial will create both an AWS KMS master key as well as a local key. If planning to use only a local key, skip to Step 4.

1. Create a project-specific Master Key

  • In the AWS management console, create a project-specific master key:
    • Key Management Service (KMS) / Customer managed keys / Create a key
@kennwhite
kennwhite / seafood_paella.md
Last active Jul 27, 2019
Classic seafood paella
View seafood_paella.md

Paella - 2:1 bone broth to rice (short grain Spanish) ratio

  • Sauté 1/2 lg yellow onion chopped in 2 TB olive oil w/ 6 lg cloves minced garlic, 1 cored & seeded jalapeño. Remove when translucent, ~5 mins
  • Add 2 c rice (maybe to a clean pan with no oil) to toast, approx 3 mins
  • Add 3-4 small chopped vine tomatoes (about 2/3 cup), onions, bone broth, 2 lg pinches crushed Spanish saffron, 1 tsp sweet paprika, 1/2 tsp dried rosemary
  • Simmer 18 mins on low heat, covered
  • Add seafood (lobster, bay scallops, tail-on large shrimp; stir well)
  • Continue simmer uncovered for 5 mins. Rice should have mostly absorbed liquid, still slightly soupy
  • Move pan to 375° oven for 15-20 mins until baked well on top
  • Squeeze lemon, garnish with lemon wedges, black pepper, salt to taste (original called for 3 tsp — way too much)
@kennwhite
kennwhite / powershell_command_urandom.js
Last active Jul 19, 2019
Powershell 1-liner to generate random n-byte key from Windows command line
View powershell_command_urandom.js
// Windows equivalent to Linux/Mac: echo $(head -c 64 /dev/urandom | base64 | tr -d '\n')
// Get-Random in Windows 10/Server 2016 PowerShell uses a CSPRNG seed by default.
// Prior to PS 5.1, seed was system clock.
// For Win 10/2016+
powershell -command "[Convert]::ToBase64String((1..64|%{[byte](Get-Random -Max 256)}))"
// For Win 8.x/2012
powershell -command "$r=[byte[]]::new(64);$g=[System.Security.Cryptography.RandomNumberGenerator]::Create();$g.GetBytes($r);[Convert]::ToBase64String($r)"
@kennwhite
kennwhite / windows powershell random number base64.bat
Created Jul 14, 2019
windows powershell random number base64
View windows powershell random number base64.bat
05776215D594997C8BBA9502AA509920E43A442F873738E7C19CCA9E3DF3BA6F
(1..64|%{'{0:X}' -f (Get-Random -Max 16)}) -join ''
[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("hello"))
[Convert]::ToBase64String((1..64| % {Get-Random -Minimum 0 -Maximum 256}))
@kennwhite
kennwhite / validating_mongodb_embedded_documents.js
Last active Jul 9, 2019
Some notes on validating embedded/nested document fields on MongoDB
View validating_mongodb_embedded_documents.js
// See: https://jira.mongodb.org/browse/SERVER-31493
//
// Most drivers will actively block "." in attempts to store documents (see first insert example below)
// but dots are fine to use for queries. Also, nested documents have to be specified carefully
// for jsonSchema document validation
//
> use schematest
switched to db schematest
>
View ClientSideEncryptionTest.java
/*
* Copyright (c) 2008 - 2013 10gen, Inc. <http://10gen.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
View ClientSideEncryptionSimpleTest.java
/*
* Copyright (c) 2008 - 2013 10gen, Inc. <http://10gen.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software