mongodb-client-encryption in CSFLE

[thismehmood]

import { Binary, ClientEncryption, MongoClient, ObjectId } from 'mongodb';
import { encryptData, decryptData } from './gcpKmsClient';
import * as crypto from 'crypto';

const uri = process.env.MONGODB_URI;
const client = new MongoClient(uri);

export class KeyVaultService {
private keyVaultNamespace = 'encryption.keyVault';

constructor() {
client.connect();
}

async createDataEncryptionKey(): Promise {
const keyVault = client.db('encryption').collection(this.keyVaultNamespace);

const dek = crypto.randomBytes(32);
const encryptedDek = await encryptData(process.env.GCP_KEY_NAME, dek);

const keyDocument = {
  _id: new ObjectId(),
  keyMaterial: encryptedDek,
  creationDate: new Date(),
};

await keyVault.insertOne(keyDocument);
return keyDocument._id;

}

async getDataEncryptionKey(keyId: string): Promise {
const keyVault = client.db('encryption').collection(this.keyVaultNamespace);
const keyDocument = await keyVault.findOne({ _id: new ObjectId(keyId) });
if (!keyDocument) {
throw new Error('Key not found');
}
const dek = await decryptData(process.env.GCP_KEY_NAME, keyDocument.keyMaterial);
return Buffer.from(dek, 'base64');
}

async encryptField(dek: Buffer, field: any): Promise {
const encryption = new ClientEncryption(client, {
keyVaultNamespace: this.keyVaultNamespace,
kmsProviders: {
gcp: {
email: process.env.GCP_SERVICE_ACCOUNT_EMAIL,
privateKey: process.env.GCP_SERVICE_ACCOUNT_PRIVATE_KEY,
},
},
});

const encryptedField = await encryption.encrypt(field, {
  keyId: new Binary(dek, Binary.SUBTYPE_BYTE_ARRAY),
  algorithm: 'AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic',
});

return encryptedField;

}
}

here is my code I'm trying to CSFLE using GCP kms, and we have microservices runing on docker environment so "mongodb-client-encryption": "^6.1.1", is already present in package.json and node_modules as well.
but when i run the docker environment i still got the issue on my terminal.

patient-1 | [11:52:12.204] ERROR (50): Optional module mongodb-client-encryption not found. Please install it to use auto encryption or ClientEncryption. {"context":"RpcExceptionsHandler"}
patient-1 | err: {
patient-1 | "type": "Error",
patient-1 | "message": "Optional module mongodb-client-encryption not found. Please install it to use auto encryption or ClientEncryption.",
patient-1 | "stack":
patient-1 | MongoMissingDependencyError: Optional module mongodb-client-encryption not found. Please install it to use auto encryption or ClientEncryption.
patient-1 | at getMongoDBClientEncryption (/usr/src/app/node_modules/.pnpm/[email protected][email protected][email protected]/node_modules/mongodb/src/deps.ts:279:26)
patient-1 | at Function.getMongoCrypt (/usr/src/app/node_modules/.pnpm/[email protected][email protected][email protected]/node_modules/mongodb/src/client-side-encryption/client_encryption.ts:86:50)
patient-1 | at ClientEncryption (/usr/src/app/node_modules/.pnpm/[email protected][email protected][email protected]/node_modules/mongodb/src/client-side-encryption/client_encryption.ts:143:41)
patient-1 | at KeyVaultService.encryptField (/usr/src/app/dist/apps/patient/main.js:5904:28)
patient-1 | at PatientService.addMedicalHistory (/usr/src/app/dist/apps/patient/main.js:1532:48)
patient-1 | at async /usr/src/app/node_modules/.pnpm/@nestjs+microservices@10.4.15_@grpc+grpc-js@1.12.6_@nestjs+common@11.0.10_class-transformer@0_wf7kzsnxi4ek5cejwuautyv53q/node_modules/@nestjs/microservices/context/rpc-proxy.js:11:32
patient-1 | at async ServerTCP.handleMessage (/usr/src/app/node_modules/.pnpm/@nestjs+microservices@10.4.15_@grpc+grpc-js@1.12.6_@nestjs+common@11.0.10_class-transformer@0_wf7kzsnxi4ek5cejwuautyv53q/node_modules/@nestjs/microservices/server/server-tcp.js:67:54)
patient-1 | }

Originally posted by @thismehmood in #9883

[vkarpov15]

It doesn't look like you're using Mongoose?