first commit

.github/workflows/build.yml

@@ -0,0 +1,35 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Build
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 11
+      uses: actions/setup-java@v3
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        cache: maven
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
+
+    # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+    - name: Update dependency graph
+      uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6

.github/workflows/publish.yml

@@ -0,0 +1,39 @@
+# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
+# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
+
+name: Publish package to the Maven Central Repository
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  publish:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up JDK 11
+      uses: actions/setup-java@v3
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        server-id: central # Value of the distributionManagement/repository/id field of the pom.xml
+        server-username: MAVEN_USERNAME
+        server-password: MAVEN_PASSWORD
+        settings-path: ${{ github.workspace }} # location for the settings.xml file
+        gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
+
+    - name: Publish package
+      run: mvn javadoc:jar source:jar gpg:sign deploy -s $GITHUB_WORKSPACE/settings.xml
+      env:
+        MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+        MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
+        GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

.gitignore

@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,2 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar

README.md

@@ -0,0 +1,74 @@
+# Hiss Spring Boot JPA Starter [![build status](https://github.com/Tap30/hiss-spring-boot-jpa-starter/actions/workflows/build.yml/badge.svg?branch=main)](https://github.com/Tap30/hiss-spring-boot-jpa-starter/actions/workflows/build.yml)
+
+An small library which uses Spring Boot autoconfiguration capability that integrates Hiss with Spring Boot and Spring Data JPA.
+
+By integrating Hiss with Spring Boot project we mean registration of:
+- Hiss bean using `HissPropertiesFromEnvProvider`
+- JPA interceptor which automatically encrypts objects before saving to DB and decrypts them after loading.
+
+## Quick Start
+
+### 1. Add Hiss dependency
+
+Apache Maven:
+```xml
+<dependency>
+    <groupId>io.github.tap30</groupId>
+    <artifactId>hiss-spring-boot-jpa-starter</artifactId>
+    <version>0.9.0</version>
+</dependency>
+```
+
+Gradle (Groovy):
+```groovy
+implementation 'io.github.tap30:hiss-spring-boot-jpa-starter:0.9.0'
+```
+
+Gradle (Kotlin):
+```kotlin
+implementation("io.github.tap30:hiss-spring-boot-jpa-starter:0.9.0")
+```
+
+### 2. Set environment variables
+
+```bash
+HISS_KEYS_A=AAAAAAAAAAAAAAAAAAAAAA\=\=
+HISS_KEYS_B=AAAAAAAAAAAAAAAAAAAAAA\=\=
+# other keys...
+HISS_DEFAULT_ENCRYPTION_KEY_ID=a
+HISS_DEFAULT_ENCRYPTION_ALGORITHM=aes-128-gcm
+HISS_DEFAULT_HASHING_KEY_ID=b
+HISS_DEFAULT_HASHING_ALGORITHM=hmac-sha256
+```
+
+For more information about envs see
+[this](https://github.com/Tap30/hiss?tab=readme-ov-file#hisspropertiesfromenvprovider).
+
+### 3. Annotate your class with `@Encrypted`
+
+```java
+import io.github.tap30.Encrypted;
+
+public class User {
+    @Encrypted
+    private String phoneNumber;
+    private String hashedPhoneNumber;
+
+    // getters and setters
+}
+```
+
+Note: Getters and setters must exist as Hiss use them to get/set values.
+
+## Using custom `HissPropertiesProvider`
+
+By implementing `HissPropertiesProvider` and annotating it with `@Component`
+this library will pick your implementation rather than default `HissPropertiesFromEnvProvider`.
+
+## Querying Data
+
+Currently there is not easy way to support querying encrypted fields.
+
+To query data, inject Hiss bean (`@Autowired Hiss hiss`)
+and use `Hiss$hash(String)` method to generate hash of content;
+then pass it to the queries which use hashed fields.