(DOCSP-6986): Create and document Node.js implementation of FLE

Mohammad Hunan Chughtai · web-flow · commit 08b506a14034 · 2019-10-01T12:53:37.000-04:00
* created node.js snippets for CSFLE

* added create a master key node step

* changed variable name fileBytes to localMasterKey on node.js generate a local master key section

* switched process.env.MONGO_URL -&gt; connectionString

* fixed spacing

* fixed spacing

* fixed spacing

* fixed spacing and changed process.env.MONGO_URL -&gt; connectionString

* Fixed comment style

* fixed single quotes -&gt; double quotes &amp; spacing

* removed keyAltNames

* switched more information tab to bottom of page &amp; made it hidden

* added Node.js data key generation example link

* added specify location of encryption binary step for node.js

* fixed RST typo

* added helper code for js schema gen

* made wording fixes

* made wording fixes
diff --git a/source/includes/steps-create-data-encryption-key.yaml b/source/includes/steps-create-data-encryption-key.yaml
@@ -24,6 +24,18 @@ content: |
            }
         
            final byte[] localMasterKey = Arrays.copyOf(fileBytes, 96);
+     .. tab::
+        :tabid: nodejs
+
+        .. code-block:: javascript
+        
+           const path = "./master-key.txt";
+           let localMasterKey;
+           fs.readFile(path, (err, data) => {
+             if (err) throw err;
+             localMasterKey = data;
+           });
+
 ---
 title: Specify KMS Provider Settings
 ref: specify-kms-provider-settings
@@ -48,6 +60,16 @@ content: |
                put("key", localMasterKey);
              }});
            }};
+     .. tab::
+        :tabid: nodejs
+
+        .. code-block:: javascript
+
+            const kmsProviders = {
+              local: {
+                key: localMasterKey
+              }
+            }
 ---
 title: Create a Data Encryption Key
 ref: create-a-data-encryption-key
@@ -77,6 +99,32 @@ content: |
              .build();
         
            ClientEncryption clientEncryption = ClientEncryptions.create(clientEncryptionSettings);
+     .. tab::
+        :tabid: nodejs
+
+        .. code-block:: javascript
+
+            const connectionString = "mongodb://localhost:27017";
+            const keyVaultNamespace = "encryption.__keyVault";
+            const client = new MongoClient(connectionString, {
+                useNewUrlParser: true,
+                useUnifiedTopology: true
+            });
+
+            client.connect().then((clientConnection)=>{
+              const encryption = new ClientEncryption(client, {
+                  keyVaultNamespace,
+                  kmsProviders
+              });
+              encryption.createDataKey('local', (err, key) => {
+                if (err) {
+                  console.log("dataKey creation error", err);
+                } else {
+                  console.log("dataKey created", key)
+                }
+              })
+            // ...
+            })
 
   .. note::
 
diff --git a/source/includes/steps-fle-configure-the-mongodb-client.yaml b/source/includes/steps-fle-configure-the-mongodb-client.yaml
@@ -13,6 +13,12 @@ content: |
         .. code-block:: java
            
            String keyVaultNamespace = "encryption.__keyVault";
+     .. tab::
+        :tabid: nodejs
+        
+        .. code-block:: javascript
+           
+           const keyVaultNamespace = "encryption.__keyVault";
 ---
 title: Specify the Local Master Encryption Key
 ref: specify-the-local-master-encryption-key
@@ -35,6 +41,17 @@ content: |
                put("key", localMasterKey);
              }});
            }};
+     .. tab::
+        :tabid: nodejs
+        
+        .. code-block:: javascript
+           
+           const kmsProviders = {
+             local: {
+               key: localMasterKey
+             }
+           }
+
 ---
 title: Map the JSON Schema to the Patients Collection
 ref: map-the-json-schema-to-the-patients-collection
@@ -54,6 +71,15 @@ content: |
            HashMap<String, BsonDocument> schemaMap = new HashMap<String, BsonDocument>() {{
              put("medicalRecords.patients", BsonDocument.parse(jsonSchema));
            }}
+     .. tab::
+        :tabid: nodejs
+        
+        .. code-block:: javascript
+        
+           const dataNamespace = "medicalRecords.patients";
+           const patientSchema = {
+             [dataNamespace]: jsonSchema
+           }
 ---
 title: Specify the Location of the Encryption Binary
 ref: specify-the-location-of-the-encryption-binary
@@ -88,6 +114,29 @@ content: |
               final Map<String, Object> extraOptions = new HashMap<String, Object>() {{
                 put("mongocryptdBypassSpawn", true);
               }};
+     .. tab::
+        :tabid: nodejs
+        
+        .. code-block:: javascript
+           :emphasize-lines: 2
+           
+           const extraOptions = {
+            mongocryptdPath: "/usr/local/bin/mongocryptd";
+           }
+        
+        .. admonition:: Encryption Binary Daemon
+           :class: note
+        
+           If the ``mongocryptd`` daemon is already running, you can
+           configure the client to skip starting it by passing the
+           following option:
+           
+           .. code-block:: javascript
+              :emphasize-lines: 2
+              
+               const extraOptions = {
+                 mongocryptdBypassSpawn: true;
+               }
 ---
 title: Create the MongoClient
 ref: create-the-mongoclient
@@ -115,4 +164,20 @@ content: |
              .build();
            
            MongoClient mongoClient = MongoClients.create(clientSettings);
+     .. tab::
+        :tabid: nodejs
+        
+        .. code-block:: javascript
+           
+           const secureClient = new MongoClient(connectionString, {
+               useNewUrlParser: true,
+               useUnifiedTopology: true,
+               monitorCommands: true,
+               autoEncryption: { 
+                 keyVaultNamespace, 
+                 kmsProviders, 
+                 schemaMap: patientSchema,
+                 extraOptions: extraOptions
+               }
+           });
 ...
diff --git a/source/includes/steps-fle-convert-to-a-remote-master-key.yaml b/source/includes/steps-fle-convert-to-a-remote-master-key.yaml
@@ -58,6 +58,17 @@ content: |
                put("secretAccessKey", awsSecretAccessKey);
              }});
            }};
+     .. tab::
+        :tabid: nodejs
+        
+        .. code-block:: javascript
+
+           kmsProviders = {
+               aws: {
+                   accessKeyId:  "<IAM User Access Key ID>",
+                   secretAccessKey: "<IAM User Secret Access Key>",
+               }
+           }
 ---
 title: Create a New Data Key
 ref: create-a-new-data-key
@@ -97,6 +108,21 @@ content: |
            
            BsonBinary dataKeyId = clientEncryption.createDataKey("aws", dataKeyOptions);
            String base64DataKeyId = Base64.getEncoder().encodeToString(dataKeyId.getData());
+     .. tab::
+        :tabid: nodejs
+
+        .. code-block:: javascript
+        
+           const encryption = new ClientEncryption(client, {
+               keyVaultNamespace,
+               kmsProviders
+           });
+           encryption.createDataKey("aws", {
+               masterKey: { 
+                 key: "<Master Key ARN>", // e.g. "arn:aws:kms:us-east-2:111122223333:alias/test-key"
+                 region: "<Master Key AWS Region>", // e.g. "us-east-1"
+               }
+           })
 ---
 title: Update the JSON Schema
 ref: update-the-json-schema
diff --git a/source/use-cases/sensitive-data-encryption.txt b/source/use-cases/sensitive-data-encryption.txt
@@ -142,17 +142,6 @@ compliant to data privacy regulations with MongoDB.
 Procedure
 ---------
 
-.. tabs-drivers::
-   
-   .. tab::
-      :tabid: java-sync
-      
-      For more information, including 'full examples, see the `Client
-      Side Encryption
-      <https://mongodb.github.io/mongo-java-driver/3.11/driver/tutorials/client-side-encryption/>`_
-      page in the official Java driver documentation.
-      
-
 Requirements
 ~~~~~~~~~~~~
 
@@ -244,6 +233,23 @@ To begin development, MedcoMD engineers generate a local master key:
             }
           }
         }
+   .. tab::
+      :tabid: nodejs
+
+      The following script generates a 96-byte local master key and
+      saves it to a file called ``master-key.txt`` in the directory
+      from which the script is executed.
+
+      .. code-block:: javascript
+
+        const fs = require('fs');
+        const secureRandom = require('secure-random');
+
+        const wstream = fs.createWriteStream('master-key.txt');
+        const data = secureRandom.randomUint8Array(96);
+        wstream.write(data);
+        wstream.end();
+
 
 .. _fle-create-a-data-encryption-key:
 
@@ -272,9 +278,16 @@ local master key.
    .. tab::
       :tabid: java-sync
        
-      You can also download the `complete code example on GitHub
+      You can also download the `complete Java data key generation code
+      example on GitHub
       <https://raw.githubusercontent.com/mongodb/docs-assets/DOCSP-csfle-data-encryption-key/DataEncryptionKeyGenerator.java>`_.
-
+   .. tab::
+      :tabid: nodejs
+       
+      You can also download the `complete Node.js data key generation
+      code example on GitHub
+      <https://raw.githubusercontent.com/mongodb/docs-assets/DOCSP-csfle-data-encryption-key/DataEncryptionKeyGenerator.js>`_.
+ 
 .. include:: /includes/steps/create-data-encryption-key.rst
 
 .. _fle-define-a-json-schema:
@@ -466,6 +479,11 @@ full `JSON Schema for the Medco Medical Management System
        
       View the `helper code in Java
       <https://gist.github.com/ccho-mongodb/088176b1bed3b9e54cdc0c2c3c537d1b>`_.
+   .. tab::
+      :tabid: nodejs
+       
+      View the `helper code in Javascript
+      <https://gist.github.com/mongomoe/a94c59a8e3acdfc96b82d76eb5ea654d>`_.
 
 D. Create the MongoDB Client
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -516,6 +534,30 @@ MedcoMD engineers write a function to create a new patient record:
                  .append("insurance", insurance);
              collection.insertOne(patient);
          }
+   .. tab::
+      :tabid: nodejs
+      
+      .. code-block:: javascript
+      
+         function insertPatient(collection, name, ssn, bloodType, medicalRecords,  policyNumber, provider) {
+             collection.insertOne({
+                name: name,
+                ssn: ssn,
+                bloodType: bloodType,
+                medicalRecords: medicalRecords,
+                insurance: {
+                    policyNumber: policyNumber,
+                    provider: provider
+                }
+             })
+             .then((writeResult) => {
+                 console.log('writeResult: \t', writeResult);
+             })
+             .catch((writeError) => {
+                 console.log('writeError occurred: \t', writeError);
+             })
+         }
+
 
 When a CSFLE-enabled client inserts a new patient record into the Medical Care
 Management System, it automatically encrypts the fields. This operation
@@ -688,3 +730,16 @@ check out the reference docs in the server manual:
 - :manual:`Client-Side Field Level Encryption </core/security-client-side-encryption>`
 - :manual:`Automatic Encryption JSON Schema Syntax </reference/security-client-side-automatic-json-schema>`
 - :manual:`Manage Client-Side Encryption Data Keys </tutorial/manage-client-side-encryption-data-keys>`
+
+
+.. tabs-drivers::
+   :hidden: true
+
+   .. tab::
+      :tabid: java-sync
+      
+      For additional information on CSFLE, see the `official Java driver documentation <https://mongodb.github.io/mongo-java-driver/3.11/driver/tutorials/client-side-encryption/>`_
+   .. tab::
+      :tabid: nodejs
+
+      For additional information on CSFLE, see the `official Node.js driver documentation <https://www.npmjs.com/package/mongodb-client-encryption>`_
