I use Hibernate’s @ColumnTransformer to map an encrypted database column to an entity attribute.
@ColumnTransformer(
    read = "pgp_sym_decrypt(refresh_token::bytea, 'mykey or obfuscated key from keystore')",
    write = "pgp_sym_encrypt(?, 'mykey or obfuscated key from keystore')"
)
@Column(name = "refresh_token")
private String refreshToken;
I decided to use the refresh token as the primary key and update the table row with any new access token.
But it will not work with an encoded primary key.
Why can't we apply @ColumnTransformer to a primary key field annotated with @Id?
I found this issue from 2015 in the Hibernate issue tracker where this feature request was actively rejected: https://hibernate.atlassian.net/browse/HHH-9808
If I understand correctly, it makes updating and lazy loading way more complicated. Also, there seemed to be a lack of interest.
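One way to work within this limitation, shown as an added example that is not from the question, the answer or the Hibernate project: keep the encrypted refresh token as an ordinary attribute and use a deterministic keyed hash of it as the @Id. pgp_sym_encrypt produces a different ciphertext on every call, so the encrypted value could not serve as an equality lookup key anyway. The table name, the refresh_token_hmac column, the app.token_key session setting and the lookupKey parameter are assumptions, as are Hibernate 6 (jakarta.persistence) and Java 17.

```java
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import jakarta.persistence.Table;
import org.hibernate.annotations.ColumnTransformer;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.HexFormat;

@Entity
@Table(name = "oauth_token") // hypothetical table name
public class OAuthToken {

    // Deterministic lookup key: hex(HMAC-SHA256(lookupKey, refreshToken)).
    // Stored untransformed, so Hibernate can use it for find(), updates and lazy loading.
    @Id
    @Column(name = "refresh_token_hmac", length = 64, updatable = false)
    private String id;

    // Non-id attribute, so @ColumnTransformer applies. The passphrase is read from a
    // custom session setting (assumed name) instead of being written into the mapping.
    @ColumnTransformer(
        read = "pgp_sym_decrypt(refresh_token::bytea, current_setting('app.token_key'))",
        write = "pgp_sym_encrypt(?, current_setting('app.token_key'))"
    )
    @Column(name = "refresh_token", nullable = false)
    private String refreshToken;

    protected OAuthToken() { } // no-arg constructor required by JPA

    public OAuthToken(String refreshToken, byte[] lookupKey) {
        this.id = lookupId(refreshToken, lookupKey);
        this.refreshToken = refreshToken;
    }

    // Same token and key always give the same id; without the key the id cannot be
    // recomputed from a guessed token. Use a key separate from the encryption passphrase.
    public static String lookupId(String refreshToken, byte[] lookupKey) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(lookupKey, "HmacSHA256"));
            byte[] tag = mac.doFinal(refreshToken.getBytes(StandardCharsets.UTF_8));
            return HexFormat.of().formatHex(tag);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 unavailable or key invalid", e);
        }
    }

    public String getId() { return id; }
    public String getRefreshToken() { return refreshToken; }
}
```

A row is then loaded with `entityManager.find(OAuthToken.class, OAuthToken.lookupId(token, lookupKey))`, and the access token can be mapped as another non-id attribute on the same entity.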