Mongoose plugin and schema type for working with encrypted data.


Mongoose.js is amazing! Out of the box, there is no way to have encrypted fields like passwords. This module is an attempt at adding this functionality.

  • SchemaTypes.Encrypted schema type that inherits from SchemaTypes.String. Fields of that type are automatically encrypted when they are changed.
  • encryptedPlugin schema plugin that adds a checkEncrypted method on model instances. This is used to check some input value against an encrypted field's value
  • minLength validation included (default is 8)
  • Support for PBKDF2 and bcrypt encryption strategy.
var mongoose = require('mongoose'),
    mongooseEncrypted = require('mongoose-encrypted').loadTypes(mongoose),
    encryptedPlugin = mongooseEncrypted.plugins.encryptedPlugin,
    Schema = mongoose.Schema,
    Encrypted = mongoose.SchemaTypes.Encrypted;

var userSchema = new Schema({
    name: String,
    password: {
        type: Encrypted,
        method: 'pbkdf2',
        minLength: 6,
        encryptOptions: {
            iterations: 20000,
            keyLength: 32,
            saltLength: 32

// add plugin to schema so we can check encrypted fields with input data

var User = mongoose.model('Test', userSchema);
var user = new User();

user.password = 'passw0rd';

// notice that is encrypted immediately

// Tests
user.checkEncrypted('password', 'wrongpassword', function(err, res) {
    console.log('attempt 1: ', res ? 'success' : 'fail');
user.checkEncrypted('password', 'passw0rd', function(err, res) {
    console.log('attempt 2: ', res ? 'success' : 'fail');
mongoose = require 'mongoose'
mongooseEncrypted = require('mongoose-encrypted').loadTypes mongoose
encryptedPlugin = mongooseEncrypted.plugins.encryptedPlugin
Schema = mongoose.Schema
Encrypted = mongoose.SchemaTypes.Encrypted

userSchema = new Schema
    name: String
        type: Encrypted
        method: 'bcrypt'
            saltRounds: 10
            seedLength: 20

# add plugin to schema so we can check encrypted fields with input data
userSchema.plugin encryptedPlugin

user = mongoose.model 'Test', userSchema

user = new user()
user.password = 'passw0rd'

# Tests
user.checkEncrypted 'password', 'wrongpassword', (err, res) ->
    console.log 'attempt 1: ', if res then 'success' else 'fail'
user.checkEncrypted 'password', 'passw0rd', (err, res) ->
    console.log 'attempt 2: ', if res then 'success' else 'fail'

With PBKDF2 encryption strategy, crypto.pseudoRandomBytes is used to generate the salt.