Giter Club home page Giter Club logo

pii-encrypt-demo's Introduction

pii-encrypt-demo

A Spring Boot based project that showcases the options to do columnar encryption of PII ( Personally Identifiable Information ) storage and look up.

Objectives

  • Encrypt the PII fields in an entity automatically on db save and retrieve it as decrypted when reading from db.
  • Search the field without doing any manual encryption.

Components

  • Spring boot ( 1.5.21 ) or later
  • JPA

Configuration & Setup

  • Create a database pii-encrypt-demo
  • Update the host, username and password for db in the application.yml.
  • Run the application
  • Use the Postman collection to save and get data

Steps

  1. Define an AttributeConverter ( PIIAttributeConverter) that will convert the string to encrypted value during save to database and decrypt when reading from database.
  2. Annotate the fields to be encrypted using @Convert(converter = PIIAttributeConverter.class)
  3. The findByQueries and JQL queries will automatically apply the converter

Notes

  1. The attribute converter is auto applied for all the annotated field during saving and reading back.
  2. This is even applicable when we do look up and will convert the passed value to encrypted version and compare.
  3. Like keyword lookup won't work
  4. JQL queries ( @Query annotations) in repository also works without any additional code.

Classes

PIIAttributeConverter.java

A Spring component that does the encryption and decryption of the attributes that are annoted.

Customer.java

The entity class holding PII data with PII fields annotated

CustomerRespository.java

Standard repository class with necessary repo methods for retireval

Resources

Postman collections

MySQL queries

-- Encrypt existing field 
update CUSTOMERS set name=cast(to_base64(aes_encrypt(name,"secret-key-12345")) as char) where id = 10;

-- Decrypt and select
 SELECT id,name,mobile,
 cast(aes_decrypt(from_base64(name),"secret-key-12345") as char) as 'Decrypted Name',
 cast(aes_decrypt(from_base64(mobile),"secret-key-12345") as char) as 'Decrypted Mobile' FROM `pii-encrypt-demo`.CUSTOMERS;

TO DO ( IMPORTANT)

Make sure to take care of the below items before you implement this

  1. Ensure that the secret key is not stored in the source code and instead take from a vault of secret storage config property.

pii-encrypt-demo's People

Contributors

sandheepgr avatar

Watchers

avatar

Forkers

microideation

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.