Queryable Encryption Support

[ashni-mehta]

Queryable Encryption is a new feature in MongoDB 6.0. It allows customers to encrypt sensitive data from the client side, store it as fully randomized encrypted data on the database server side, and run expressive queries on the encrypted data.

More details on Queryable Encryption here: https://www.mongodb.com/docs/manual/core/queryable-encryption/

[jyemin]

This is the part that describes the requirements for the JSON schema: https://www.mongodb.com/docs/manual/core/queryable-encryption/tutorials/aws/aws-automatic/#create-your-encrypted-collection

[christophstrobl]

The missing bit seems to be the queries part. So far only queryType: "equality" and queryType: "none" are mentioned in the docs. Will there be more or a change to the format? Which boils down to if a single attribute on @Encrypted (like below) is sufficient and future proof?

@Encrypted(query = EQUALITY)

[ashni-mehta]

My understanding is that more are coming in the future. I can find out if format will remain consistent.

[spring-projects-issues]

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

[ashni-mehta]

Hey, spoke to the team.

• There will be more query types and the different query types will have different parameters at set up.
• The persisted data format is unique per index type (ex: an index that supports "equality" cannot support range.

[christophstrobl]

Thank you Thank you @ashni-mongodb. When using queryable encryption along with explicit encryption is the queryType only to be set when encrypting parts of the filter query or is it also allowed/required when encrypting field data for the document to store. Javadoc of EncryptOptions is a bit thin there.

[joelodom]

@christophstrobl, queryType is used when creating the encrypted collection and it's also used when creating the query filter for the find. queryType is not used when creating the payload to insert.

@ashni-mongodb