This repository demonstrates how to integrate MongoDB Queryable Encryption with Spring Data MongoDB. You can read more on
This is a sample Spring Boot application that stores and retrieves employee records using MongoDB Queryable Encryption. It showcases how to:
- Encrypt fields using annotations (
@Encrypted,@RangeEncryptedand@Queryable) - Run equality and range queries securely on encrypted data
| Field | Type | Encrypted | Queryable | Query Type | Notes |
|---|---|---|---|---|---|
| name | String | No | Yes | Equality | Not encrypted; can be queried freely |
| pin | String | Yes | No | — | Encrypted but not queryable |
| ssn | int | Yes | Yes | Equality | Encrypted and queryable using equality (@Queryable) |
| age | Integer | Yes | Yes | Range (int) | Encrypted and queryable with range filters (<, >) |
| salary | double | Yes | Yes | Range (decimal) | Encrypted and queryable with decimal range (precision: 2) |
Below is a visual representation of how encrypted documents appear in MongoDB Compass:
Encrypted fields (
pin,ssn,ageandsalary)
Before running this project, make sure you have:
- Java 17 or higher (tested with Corretto 21)
- Maven 3.6+
- MongoDB 8.0+ running as a replica set
- MongoDB crypt_shared library installed
git clone https://github.com/mongodb-developer/spring-data-queryable-encryption.git
cd spring-data-queryable-encryptionMake sure you're inside the project folder spring-data-queryable-encryption before running the next steps.
On Linux/macOS:
export MONGODB_URI="<YOUR_CONNECTION_STRING>" CRYPT_PATH="<PATH_TO_AUTOMATIC_ENC_SHA_LIB.dylib>"
On Windows
$env:MONGODB_URI="<YOUR_CONNECTION_STRING>"; $env:CRYPT_PATH="<PATH_TO_AUTOMATIC_ENC_SHA_LIB.dll"
mvn spring-boot:runWhen the application starts, it automatically creates a collection called employees in the hrsystem
database (only if it's empty) and inserts 6 sample employees. You can use these records to test the API directly in Swagger or with .http files.
| Name | PIN | SSN | Age | Salary |
|---|---|---|---|---|
| Ricardo | 001 | 1 | 36 | 1501 |
| Maria | 002 | 2 | 28 | 4200 |
| Karen | 003 | 3 | 42 | 2800 |
| Mark | 004 | 4 | 22 | 2100 |
| Pedro | 005 | 5 | 50 | 4000 |
| Joana | 006 | 6 | 50 | 99000 |
You can now try endpoints like:
GET /employees
GET /employees/ssn/1
GET /employees/filter/age-less-than?age=30
GET /employees/filter/salary-greater-than?salary=3500Once the application is running, access:
http://localhost:8080/swagger-ui.htmlOr (for some versions):
http://localhost:8080/swagger-ui/index.htmlIt includes endpoints for:
- /employees → Manage employees records
Create a Employee
POST /employees
Content-Type: application/json
{
"name": "Ricardo",
"pin": "0441",
"ssn": 12,
"age": 36,
"salary": 1200
}
Find All employees
GET /employeesFind by SSN (encrypted query)
GET /employees/ssn/12Find employees with age less than a value
GET /employees/filter/age-less-than?age=50Find employees with salary greater than a value
GET /employees/filter/salary-greater-than?salary=100.0This project includes ready-to-use .http files to test all API endpoints easily from your IDE (such as IntelliJ IDEA, Rider, or VSCode with REST Client plugin).
- employee_requests.http → Test all endpoints under /employees
- Open the .http file in IntelliJ.
- Click on the green "Run" icon next to any request.
- You’ll see the response in a built-in HTTP client tab.
