JoeKarlsson
diff --git a/‎.gitignore copy
+104 b/‎.gitignore copy
+104
diff --git a/‎README.md
+97-1 b/‎README.md
+97-1
diff --git a/‎app.js
-48 b/‎app.js
-48
diff --git a/‎clients.js
+75 b/‎clients.js
+75
diff --git a/‎create-mongodb-data-key.js
-9 b/‎create-mongodb-data-key.js
-9
diff --git a/‎docker/Dockerfile
+41 b/‎docker/Dockerfile
+41
@@ -0,0 +1,104 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# Next.js build output
+.next
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and *not* Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
@@ -1,4 +1,100 @@
-# MonogDB Field Level Encryption Node Demo
+# MonogDB Client Side Field Level Encryption (CSFLE) Node.js Demo
+
+This guide shows you how to implement automatic Client-Side Field Level Encryption (CSFLE) using supported MongoDB drivers and is intended for full-stack developers. The guide presents the following information in the context of a real-world scenario.
+
+Once you complete the steps in this guide, you should have:
+
+  * an understanding of how client-side field level encryption works and in what situations it is practical
+  * a working client application that demonstrates automatic CSFLE
+  * resources on how to move the sample client application to production
+
+## Running Locally
+
+### Requirements
+
+* MongoDB Atlas 4.2+
+* MongoDB Node driver 3.6.2+
+* The libmongocrypt library installed
+* The mongocryptd binary installed
+
+1. Clone this repository and navigate to the **nodejs** directory.
+
+   ```sh
+   git clone https://github.com/mongodb-university/csfle-guides.git
+   cd nodejs
+   ```
+
+   Work from the **nodejs** directory for the remainder of these instructions.
+
+2. Start a locally running `mongod` instance (Enterprise version >= 4.2) running on port 27017
+
+3. Install the dependencies in `package.json`
+
+   ```js
+   npm install
+   ```
+
+4. Make sure you have the `master-key.txt` file in the root of your execution
+   environment. This is a 96-byte cryptographically-secure generated master
+   encryption key required to run this example project. To generate your own
+   master key or use a KMS, refer to the [CSFLE Use Case Guide](https://docs.mongodb.com/ecosystem/use-cases/client-side-field-level-encryption-guide/).
+
+5. Run the `make-data-key.js` script to make a data key. If there is an
+   existing data key in the **encryption.\_\_keyVault** collection this script
+   will not create a duplicate data key.
+
+   ```js
+   node make-data-key.js
+   ```
+
+   This outputs a base64 encoded string of the UUID of your newly created data key. Paste
+   this into `clients.js` where you see this line
+
+   ```js
+   let dataKey = null // change this!
+   ```
+
+6. Run the `clients.js` script to insert a document with the CSFLE-enabled client
+   and then read that document with it as well as a regular client. You
+   will see that the CSFLE-enabled client prints the document out in plaintext,
+   and the regular client prints the document out with encrypted fields in
+   binary format. This is safe to run multiple times as the insert operation
+   used is an update with `upsert` specified.
+
+   ```js
+   node clients.js
+   ```
+
+7. Suggestion: Try inserting a document with the regular client. What happens?
+
+## Running CSFLE with Docker
+
+1. Change directories to the docker directory.
+  ```sh
+  cd docker
+  ```
+
+2. Build Docker image with a tag name. Within this directory execute: 
+   * For using the latest driver version:
+     ```sh
+     docker build . -t mdb-csfle-example
+     ```
+   This will build a Docker image with a tag name `mdb-csfle-example`. 
+
+3. Run the Docker image by executing:
+   ```sh
+   docker run -tih csfle mdb-csfle-example
+   ```
+   The command above will run a Docker image with tag `mdb-csfle-example` and provide it with `csfle` as its hostname.
+
+4. Once you're inside the Docker container, you could follow below steps to run the NodeJS code example. 
+
+  ```sh
+  $ export MONGODB_URL="mongodb+srv://USER:PWD@EXAMPLE.mongodb.net/dbname?retryWrites=true&w=majority"`
+  $ node ./example.js
+  ```
+
+  If you're connecting to MongoDB Atlas please make sure to [Configure Whitelist Entries](https://docs.atlas.mongodb.com/security-whitelist/)
 
 ## Contributing
 
 
@@ -0,0 +1,75 @@
+const { readMasterKey, CsfleHelper } = require("./helpers")
+
+const localMasterKey = readMasterKey()
+
+const csfleHelper = new CsfleHelper({
+  kmsProviders: {
+    local: {
+      key: localMasterKey
+    }
+  },
+  connectionString: "mongodb+srv://joe:karlsson@cluster0.m7f10.mongodb.net/medicalRecords?retryWrites=true&w=majority"
+})
+
+async function main() {
+  // change this to the base64 encoded data key generated from make-data-key.js
+  let dataKey = "HZrq+a+TSBeZ0txrrnhaqw==";
+
+  let regularClient = await csfleHelper.getRegularClient()
+  let schemeMap = csfleHelper.createJsonSchemaMap(dataKey)
+  let csfleClient = await csfleHelper.getCsfleEnabledClient(schemeMap)
+
+  let exampleDocument = {
+    name: "Jon Doe",
+    ssn: 241014209,
+    bloodType: "AB+",
+    medicalRecords: [
+      {
+        weight: 180,
+        bloodPressure: "120/80"
+      }
+    ],
+    insurance: {
+      provider: "MaestCare",
+      policyNumber: 123142
+    }
+  }
+
+  const regularClientPatientsColl = regularClient
+    .db("medicalRecords")
+    .collection("patients")
+  const csfleClientPatientsColl = csfleClient
+    .db("medicalRecords")
+    .collection("patients")
+
+  // Performs the insert operation with the csfle-enabled client
+  // We're using an update with an upsert so that subsequent runs of this script
+  // don't insert new documents
+  await csfleClientPatientsColl.updateOne(
+    { ssn: exampleDocument["ssn"] },
+    { $set: exampleDocument },
+    { upsert: true }
+  )
+
+  // Performs a read using the encrypted client, querying on an encrypted field
+  const csfleFindResult = await csfleClientPatientsColl.findOne({
+    ssn: exampleDocument["ssn"]
+  })
+  console.log(
+    "Document retreived with csfle enabled client:\n",
+    csfleFindResult
+  )
+
+  // Performs a read using the regular client. We must query on a field that is
+  // not encrypted.
+  // Try - query on the ssn field. What is returned?
+  const regularFindResult = await regularClientPatientsColl.findOne({
+    name: "Jon Doe"
+  })
+  console.log("Document retreived with regular client:\n", regularFindResult)
+
+  await regularClient.close()
+  await csfleClient.close()
+}
+
+main().catch(console.dir)
@@ -0,0 +1,41 @@
+FROM ubuntu:20.04
+
+ARG DRIVER_VERSION=3.6.2
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y sudo \
+    nano \
+    gnupg \
+    git \
+    nodejs \
+    wget \
+    npm \
+    build-essential && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -
+
+RUN echo "deb [ arch=amd64,arm64,s390x ] http://repo.mongodb.com/apt/ubuntu focal/mongodb-enterprise/4.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-enterprise.list
+
+RUN apt-get update && apt-get install -y mongodb-enterprise-cryptd=4.4.1
+
+RUN export uid=1000 gid=1000 && \
+    mkdir -p /home/ubuntu && \
+    echo "ubuntu:x:${uid}:${gid}:Developer,,,:/home/ubuntu:/bin/bash" >> /etc/passwd && \
+    echo "ubuntu:x:${uid}:" >> /etc/group && \
+    echo "ubuntu ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ubuntu && \
+    chmod 0440 /etc/sudoers.d/ubuntu && \
+    chown ${uid}:${gid} -R /home/ubuntu
+
+ENV HOME /home/ubuntu
+
+USER ubuntu
+
+RUN mkdir ${HOME}/csfle
+COPY ./csfle/example.js ./csfle/package.json ${HOME}/csfle/
+
+WORKDIR ${HOME}/csfle
+RUN npm install mongodb@${DRIVER_VERSION} mongodb-client-encryption uuid-mongodb --save
+
+CMD ["/bin/bash"]