The keyId SPEL expression for the @Encrypted annotation is great for avoiding hard-coding of encryption key ids. See docs here. Example:
@Document
@Encrypted(keyId = "#{mongocrypt.keyId(#target)}")
static class Patient {
@Id String id;
String name;
@Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Random")
String bloodType;
@Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
Integer ssn;
}However the value bound to #target isn't particularly useful, it's just the simple class name (minus the package!) of the annotated class. See this line:
ctx.setVariable("target", getType().getSimpleName());This limits the usefulness of the SPEL expression, especially in scenarios where users might want to use different encryption keys for different collections.
A simple but impactful enhancement would be to bind collection as a variable:
ctx.setVariable("collection", getCollection());Curious to hear people's thoughts on this.
The
keyIdSPEL expression for the@Encryptedannotation is great for avoiding hard-coding of encryption key ids. See docs here. Example:However the value bound to
#targetisn't particularly useful, it's just the simple class name (minus the package!) of the annotated class. See this line:This limits the usefulness of the SPEL expression, especially in scenarios where users might want to use different encryption keys for different collections.
A simple but impactful enhancement would be to bind
collectionas a variable:Curious to hear people's thoughts on this.