📜  encryptedfields mongoose-encrypt (1)

📅  最后修改于: 2023-12-03 15:00:36.227000             🧑  作者: Mango

EncryptedFields Mongoose-Encrypt

EncryptedFields Mongoose-Encrypt is a Node.js package that provides a simple way to encrypt and decrypt fields in your Mongoose models.

Features
  • Encrypt and decrypt fields in your Mongoose models with AES-256-CBC encryption
  • Use a separate encryption key for each field, providing an additional layer of security
  • All encryption keys are stored in a separate collection in MongoDB, ensuring they are never exposed in code or in backups
  • Supports all Mongoose data types, including nested objects and arrays
Installation
$ npm install encryptedfields mongoose-encrypt
Usage
Setup

To use EncryptedFields Mongoose-Encrypt, you need to first create an encryption key for each field you wish to encrypt. You can do this using the generateKeys method provided by the package:

const encryptedFields = require('encryptedfields');
const mongooseEncrypt = require('mongoose-encrypt');

const keys = encryptedFields.generateKeys(['field1', 'field2', 'field3']);

This will generate a separate encryption key for each field, and store them in a separate collection in MongoDB.

Define a Mongoose Model

Next, define your Mongoose model as you normally would, but include the mongoose-encrypt plugin and specify the fields that should be encrypted:

const mongoose = require('mongoose');

const MySchema = new mongoose.Schema({
  field1: String,
  field2: Number,
  field3: { type: String, encrypt: true }
});

MySchema.plugin(mongooseEncrypt, { encryptionKey: keys });

const MyModel = mongoose.model('MyModel', MySchema);

In this example, field3 is the only field that will be encrypted. The encrypt option needs to be added to the field definition.

The encryptionKey option points to the encryption keys that were generated earlier.

Create and Save a Document
const doc = new MyModel({
  field1: 'Not Encrypted',
  field2: 1234,
  field3: 'Some secret data'
});

doc.save((err, savedDoc) => {
  if (err) {
    console.error('Error saving doc:', err);
  } else {
    console.log('Saved doc:', savedDoc);
  }
});

When the document is saved, any fields that have the encrypt option set to true will be encrypted and stored in the database.

Find and Decrypt a Document
MyModel.findOne({ _id: savedDoc._id }, (err, foundDoc) => {
  if (err) {
    console.error('Error finding doc:', err);
  } else {
    console.log('Found doc:', foundDoc);
    console.log('Decrypted field3:', foundDoc.field3);
  }
});

When a document is found, any encrypted fields will be automatically decrypted.

Conclusion

EncryptedFields Mongoose-Encrypt provides a simple way to encrypt and decrypt fields in your Mongoose models, providing an additional layer of security to sensitive data. By using a separate encryption key for each field and storing them in a separate collection, you can ensure that your data is protected even if your application code or backups are compromised.

References