encrypt fields embeddings

rustagir · rustagir · commit 691e0ce9d05d · 2024-09-27T12:37:50.000-04:00
(cherry picked from commit 69009e5) (cherry picked from commit 3273361)
diff --git a/snooty.toml b/snooty.toml
@@ -21,4 +21,6 @@ version = "5.0"
 full-version = "{+version+}.0"
 api = "https://mongodb.github.io/mongo-java-driver/{+version+}/apidocs/mongo-scala-driver"
 driver-source-gh = "https://github.com/mongodb/mongo-java-driver"
-rs-docs = "https://www.reactive-streams.org/reactive-streams-1.0.4-javadoc/org/reactivestreams"
+rs-docs = "https://www.reactive-streams.org/reactive-streams-1.0.4-javadoc/org/reactivestreams"
+core-api = "https://mongodb.github.io/mongo-java-driver/{+version+}/apidocs/mongodb-driver-core"
+mongocrypt-version = "1.8.0"
diff --git a/source/includes/security/crypt-maven-versioned.rst b/source/includes/security/crypt-maven-versioned.rst
@@ -0,0 +1,9 @@
+.. code-block:: xml
+
+   <dependencies>
+       <dependency>
+           <groupId>org.mongodb</groupId>
+           <artifactId>mongodb-crypt</artifactId>
+           <version>{+mongocrypt-version+}</version>
+       </dependency>
+   </dependencies>
diff --git a/source/includes/security/crypt-sbt-versioned.rst b/source/includes/security/crypt-sbt-versioned.rst
@@ -0,0 +1,3 @@
+.. code-block:: none
+
+   libraryDependencies += "org.mongodb" % "mongodb-crypt" % "{+mongocrypt-version+}"
diff --git a/source/tutorials/encrypt.txt b/source/tutorials/encrypt.txt
@@ -1,306 +1,28 @@
 .. _scala-encrypt:
 
-======================
-Client-Side Encryption
-======================
-
-.. facet::
-   :name: genre
-   :values: reference
-
-.. meta::
-   :keywords: code example, encrypt data, decrypt data
-
-.. contents:: On this page
-   :local:
-   :backlinks: none
-   :depth: 2
-   :class: singlecol
-
-Starting in v4.2, MongoDB supports client-side encryption. Client-side
-encryption allows administrators and developers to encrypt specific data
-fields in addition to providing other MongoDB encryption features.
-
-With field-level encryption, developers can encrypt fields on the client-side
-without any server-side configuration or directives. Client-side field
-level encryption supports workloads where applications must guarantee
-that unauthorized parties, including server administrators, cannot
-read the encrypted data.
-
-.. include:: /includes/obs-note.rst
-
-Installation
-------------
-
-The recommended way to get started using field-level encryption in
-your project is by using a dependency management system. Field-level
-encryption requires additional packages in addition to the
-driver.
-
-.. include:: /includes/install-note.rst
-
-libmongocrypt
-~~~~~~~~~~~~~
-
-There is a separate JAR file containing ``libmongocrypt`` bindings.
-
-.. tabs::
-
-   .. tab:: Maven
-      :tabid: maven-installation
-
-      If you are using `Maven <https://maven.apache.org/>`__ to manage your
-      packages, add the following entry to your ``pom.xml`` dependencies list:
-
-      .. code-block:: xml
-
-         <dependencies>
-             <dependency>
-                 <groupId>org.mongodb</groupId>
-                 <artifactId>mongodb-crypt</artifactId>
-                 <version>1.2.1</version>
-             </dependency>
-         </dependencies>
-
-   .. tab:: Gradle
-      :tabid: gradle-installation
-
-      If you are using `Gradle <https://gradle.org/>`__ to manage your
-      packages, add the following entry to your dependencies list:
-      
-      .. code-block:: scala
-
-         dependencies {
-             implementation 'org.mongodb:mongodb-crypt:1.2.1'
-         }
-
-mongocryptd Configuration
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The ``libmongocrypt`` bindings require the ``mongocryptd`` daemon/process to be
-running. A specific daemon/process URI can be configured in the
-``AutoEncryptionSettings`` class by setting ``mongocryptdURI`` in the
-``extraOptions`` setting.
-
-Examples
---------
-
-Auto Encryption and Decryption
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following example is a sample app that assumes the key and schema have
-already been created in MongoDB. The example uses a local key, but you
-can also use the AWS/Azure/GCP Key Management Service. The data in
-the ``encryptedField`` field is automatically encrypted on the insert
-and decrypted when using find on the client side.
-
-The code example is from the `ClientSideEncryptionSimpleTour.scala
-<{+driver-source-gh+}/blob/master/driver-scala/src/integration/scala/tour/ClientSideEncryptionSimpleTour.scala>`__
-file in the driver source code GitHub repository.
-
-.. code-block:: scala
-
-   import java.security.SecureRandom
-   
-   import org.mongodb.scala.{AutoEncryptionSettings, Document, MongoClient, MongoClientSettings}
-   import tour.Helpers._
-
-   import scala.collection.JavaConverters._
-   
-   object ClientSideEncryptionSimpleTour {
-   
-     def main(args: Array[String]): Unit = {
-       val localMasterKey = new Array[Byte](96)
-       new SecureRandom().nextBytes(localMasterKey)
-   
-       val kmsProviders = Map("local" -> Map[String, AnyRef]("key" -> localMasterKey).asJava).asJava
-   
-       val keyVaultNamespace = "admin.datakeys"
-   
-       val autoEncryptionSettings = AutoEncryptionSettings.builder()
-         .keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build()
-   
-       val clientSettings = MongoClientSettings.builder()
-         .autoEncryptionSettings(autoEncryptionSettings).build()
-   
-       val mongoClient = MongoClient(clientSettings)
-       val collection = mongoClient.getDatabase("test").getCollection("coll")
-   
-       collection.drop().headResult()
-   
-       collection.insertOne(Document("encryptedField" -> "123456789")).headResult()
-   
-       collection.find().first().printHeadResult()
-   
-       // release resources
-       mongoClient.close()
-     }
-   }
-
-.. note::
-
-   Automatic encryption is an **enterprise only** feature.
-
-Specify a Data Encryption Key and Encrypted Fields
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following example shows how to configure the
-``AutoEncryptionSettings`` instance to create a new key and set the
-JSON schema map.
-
-The code example is from the `ClientSideEncryptionAutoEncryptionSettingsTour.scala
-<{+driver-source-gh+}/blob/master/driver-scala/src/integration/scala/tour/ClientSideEncryptionAutoEncryptionSettingsTour.scala>`__
-file in the driver source code GitHub repository.
-
-.. code-block:: scala
-
-   import java.security.SecureRandom
-   import java.util.Base64
-   
-   import scala.collection.JavaConverters._
-   import org.mongodb.scala._
-   import org.mongodb.scala.bson.BsonDocument
-   import org.mongodb.scala.model.vault.DataKeyOptions
-   import org.mongodb.scala.vault.ClientEncryptions
-   import tour.Helpers._
-   
-   ...
-   
-       val keyVaultNamespace = "admin.datakeys"
-   
-       val clientEncryptionSettings = ClientEncryptionSettings.builder()
-         .keyVaultMongoClientSettings(
-           MongoClientSettings.builder().applyConnectionString(ConnectionString("mongodb://localhost")).build())
-         .keyVaultNamespace(keyVaultNamespace).kmsProviders(kmsProviders).build()
-   
-       val clientEncryption = ClientEncryptions.create(clientEncryptionSettings)
-   
-       val dataKey = clientEncryption.createDataKey("local", DataKeyOptions()).headResult()
-   
-       val base64DataKeyId = Base64.getEncoder.encodeToString(dataKey.getData)
-       val dbName = "test"
-       val collName = "coll"
-       val autoEncryptionSettings = AutoEncryptionSettings.builder()
-         .keyVaultNamespace(keyVaultNamespace)
-         .kmsProviders(kmsProviders)
-         .schemaMap(Map(s"$dbName.$collName" -> BsonDocument(
-           s"""{
-               properties: {
-                 encryptedField: {
-                   encrypt: {
-                     keyId: [{
-                       "$$binary": {
-                         "base64": "$base64DataKeyId",
-                         "subType": "04"
-                       }
-                     }],
-                     bsonType: "string",
-                     algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"
-                   }
-                 }
-               },
-               bsonType: "object"
-             }""")).asJava)
-         .build()
-
-Explicit Encryption and Decryption
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Explicit encryption and decryption is a MongoDB community feature and
-does not use the ``mongocryptd`` process. Explicit encryption is
-provided by the ``ClientEncryption`` class. 
-
-The code example is from the `ClientSideEncryptionExplicitEncryptionAndDecryptionTour.scala
-<{+driver-source-gh+}/blob/master/driver-scala/src/integration/scala/tour/ClientSideEncryptionExplicitEncryptionAndDecryptionTour.scala>`__
-file in the driver source code GitHub repository.
-
-.. code-block:: scala
-
-   // This would have to be the same master key as was used to create the encryption key
-   val localMasterKey = new Array[Byte](96)
-   new SecureRandom().nextBytes(localMasterKey)
-   
-   val kmsProviders = Map("local" -> Map[String, AnyRef]("key" -> localMasterKey).asJava).asJava
-   
-   val keyVaultNamespace = new MongoNamespace("encryption.testKeyVault")
-   
-   val clientSettings = MongoClientSettings.builder().build()
-   val mongoClient = MongoClient(clientSettings)
-   
-   // Set up the key vault for this example
-   val keyVaultCollection = mongoClient.getDatabase(keyVaultNamespace.getDatabaseName)
-     .getCollection(keyVaultNamespace.getCollectionName)
-   keyVaultCollection.drop().headResult()
-   
-   // Ensure that two data keys cannot share the same keyAltName.
-   keyVaultCollection.createIndex(Indexes.ascending("keyAltNames"), new IndexOptions().unique(true)
-     .partialFilterExpression(Filters.exists("keyAltNames")))
-   
-   val collection = mongoClient.getDatabase("test").getCollection("coll")
-   collection.drop().headResult()
-   
-   // Create the ClientEncryption instance
-   val clientEncryptionSettings = ClientEncryptionSettings
-     .builder()
-     .keyVaultMongoClientSettings(
-       MongoClientSettings.builder()
-          .applyConnectionString(ConnectionString("mongodb://localhost")).build()
-     )
-     .keyVaultNamespace(keyVaultNamespace.getFullName)
-     .kmsProviders(kmsProviders)
-     .build()
-   
-   val clientEncryption = ClientEncryptions.create(clientEncryptionSettings)
-   
-   val dataKeyId = clientEncryption.createDataKey("local", DataKeyOptions()).headResult()
-   
-   // Explicitly encrypt a field
-   val encryptedFieldValue = clientEncryption.encrypt(BsonString("123456789"),
-     EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId))
-       .headResult()
-   
-   collection.insertOne(Document("encryptedField" -> encryptedFieldValue)).headResult()
-   
-   val doc = collection.find.first().headResult()
-   println(doc.toJson())
-   
-   // Explicitly decrypt the field
-   println(
-       clientEncryption.decrypt(doc.get[BsonBinary]("encryptedField").get).headResult()
-   )
-
-Explicit Encryption and Auto Decryption
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Although automatic encryption requires MongoDB 4.2 enterprise or a
-MongoDB 4.2 Atlas cluster, automatic decryption is supported for all
-users. To configure automatic decryption without automatic encryption,
-set ``bypassAutoEncryption(true)``.
-
-The code example is from the `ClientSideEncryptionExplicitEncryptionOnlyTour.scala
-<{+driver-source-gh+}/blob/master/driver-scala/src/integration/scala/tour/ClientSideEncryptionExplicitEncryptionOnlyTour.scala>`__
-file in the driver source code GitHub repository.
-
-.. code-block:: scala
-
-   ...
-   val clientSettings = MongoClientSettings.builder()
-       .autoEncryptionSettings(AutoEncryptionSettings.builder()
-               .keyVaultNamespace(keyVaultNamespace.getFullName)
-               .kmsProviders(kmsProviders)
-               .bypassAutoEncryption(true)
-               .build())
-       .build()
-   val mongoClient = MongoClient(clientSettings)
-   
-   ...
-   
-   // Explicitly encrypt a field
-   val encryptedFieldValue = clientEncryption.encrypt(BsonString("123456789"),
-     EncryptOptions("AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic").keyId(dataKeyId))
-       .headResult()
-   
-   collection.insertOne(Document("encryptedField" -> encryptedFieldValue)).headResult()
-   
-   val doc = collection.find.first().headResult()
-   println(doc.toJson())
+.. sharedinclude:: dbx/encrypt-fields.rst
+
+   .. replacement:: driver-specific-content
+
+      .. important:: Compatible Encryption Library Version
+
+         The {+driver-short+} uses the `mongodb-crypt
+         <https://mvnrepository.com/artifact/org.mongodb/mongodb-crypt>`__
+         encryption library for in-use encryption. This driver version
+         is compatible with ``mongodb-crypt`` v{+mongocrypt-version+}.
+
+         Select from the following :guilabel:`Maven` and
+         :guilabel:`sbt` tabs to see how to add the ``mongodb-crypt``
+         dependency to your project by using the specified manager:
+         
+         .. tabs::
+         
+            .. tab:: Maven
+               :tabid: maven-dependency
+         
+               .. include:: /includes/security/crypt-maven-versioned.rst
+         
+            .. tab:: sbt
+               :tabid: sbt-dependency
+         
+               .. include:: /includes/security/crypt-sbt-versioned.rst

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+.. code-block:: none`
	`2`	`+`
	`3`	`+ libraryDependencies += "org.mongodb" % "mongodb-crypt" % "{+mongocrypt-version+}"`