암호화 스키마 만들기
이 페이지의 내용
이 작업에 대하여
To make encrypted fields queryable, create an 암호화 스키마. This schema defines which fields are queryable, and which query types are permitted. For more information, see 암호화된 필드 및 활성화된 쿼리.
중요
Queryable Encryption supports equality and range queries. You can configure a field for only one query type.
시작하기 전에
When you make encrypted fields queryable, consider performance and security. For details on how each configuration option affects these, see 최적의 검색 및 저장을 위해 암호화된 필드 구성.
단계
Specify fields to encrypt.
Add the
pathandbsonTypestrings to a document within the fields array:const encryptedFieldsObject = { fields: [ { path: "myDocumentField", bsonType: "int" } ] } 중요
You can specify any field for encryption except the
_idfield.If you are using 명시적 암호화, add a
keyIdfield with the DEK ID:{ path: "myDocumentField", bsonType: "int", keyId: "<unique data encryption key>" } 팁
With Automatic Encryption, MongoDB creates encryption keys for each field. You configure
AutoEncryptionSettingson the client, then use thecreateEncryptedCollectionhelper method to create your collections.
Enable range queries on desired fields.
This enables querying with the $lt, $lte, $gt, and $gte operators.
For details on how the following options affect security and performance, see 최적의 검색 및 저장을 위해 암호화된 필드 구성.
Add the
queriesobject and setqueryTypeto"range":{ path: "myDocumentRangeField", bsonType: "int", queries: { queryType: "range" } } Set the following fields:
필드유형설명Same as field
bsonTypeRequired if
bsonTypeisdecimalordouble. Optional but highly recommended if it isint,long, ordate. Defaults to the minimum and maximum values of thebsonType.When possible, specifying bounds on a query improves performance. If querying values outside of these inclusive bounds, MongoDB returns an error.
{ path: "myDocumentRangeField", bsonType: "int", queries: { queryType: "range", min: 0, max: 1200 } }
예시
This example shows how to create an encryption schema for hospital data.
Consider the following document that contains personally identifiable information (PII), credit card information, and sensitive medical information:
{ "firstName": "Jon", "lastName": "Snow", "patientId": 12345187, "address": "123 Cherry Ave", "medications": [ "Adderall", "Lipitor" ], "patientInfo": { "ssn": "921-12-1234", "billing": { "type": "visa", "number": "1234-1234-1234-1234" } } }
To ensure the PII and sensitive medical information stays secure, this encryption schema adds the relevant fields:
const encryptedFieldsObject = { fields: [ { path: "patientId", bsonType: "int" }, { path: "patientInfo.ssn", bsonType: "string" }, { path: "medications", bsonType: "array" }, { path: "patientInfo.billing", bsonType: "object" } ] }
Adding the queries property makes the patientId and
patientInfo.ssn fields queryable. This example enables equality queries:
const encryptedFieldsObject = { fields: [ { path: "patientId", bsonType: "int", queries: { queryType: "equality" } }, { path: "patientInfo.ssn", bsonType: "string", queries: { queryType: "equality" } }, { path: "medications", bsonType: "array" }, { path: "patientInfo.billing", bsonType: "object" }, ] }