Data Encryption

Data Encryption #

Configuration Details #

Version 1.6.0 revised the encryption API configuration to make it more convenient to use, while remaining compatible with the old API configuration.

New API Configurations after Version 1.6.0 #

# Schema of an !ENCRYPT rule (new API configuration, version 1.6.0 and later).
# Entries in angle brackets are placeholders. The (+) suffix is not defined on
# this page; presumably it marks an entry that can be repeated.
rules:
- !ENCRYPT
  tables:
    <table-name> (+): # Encrypted table name
      columns:
        <column-name> (+): # Encrypted column name
          dataType: # Logical column type
          # NOTE(review): presumably the plain column keeps the unencrypted value
          # next to the ciphertext; confirm it is configured only where needed.
          plain: # Plaintext column configuration
            name: # Plaintext column name
            queryWithPlain: false # Optional, defaults to false (query by cipher column)
          cipher: # Ciphertext column configuration
            name: # Ciphertext column name
            dataType: # Ciphertext column data type and length
            encryptorName: # Encryption algorithm name (a key under encryptors)
          assistedQuery: # Assisted-query column configuration
            name: # Assisted-query column name
            dataType: # Assisted-query column data type and length
            encryptorName: # Assisted-query algorithm name (a key under encryptors)
          likeQuery: # Fuzzy (LIKE) query column configuration
            name: # Fuzzy query column name
            dataType: # Fuzzy query column data type and length
            encryptorName: # Fuzzy query algorithm name (a key under encryptors)

  # Encryption algorithm configuration
  encryptors:
    <encrypt-algorithm-name> (+): # Encryption and decryption algorithm name
      type: # Encryption and decryption algorithm type
      # Algorithm properties. The examples on this page put key and salt values
      # here, so this section should be treated as secret material.
      props: # Encryption and decryption algorithm property configuration
        # ...


  # Key storage management configuration
  keyManagers:
    <key-manager-name> (+): # Key storage manager name
      type: # Key storage manager type; Local storage and AWS cloud storage are supported
      props: # Key storage manager property configuration
        # ...
  • Example
# Example: encrypt t_merchant.merchant_name with the !ENCRYPT rule format.
rules:
- !ENCRYPT
  encryptors:
    aes_encryptor:
      type: AES
      props:
        # Sample value only. A key written inline is readable by anyone who can
        # read this file or its version history, and a short guessable string
        # gives little protection.
        # NOTE(review): check whether keyManagers can supply the key instead.
        aes-key-value: 123456abc
    char_digest_like_encryptor:
      type: CHAR_DIGEST_LIKE
      props:
        # NOTE(review): a column that stays searchable with LIKE necessarily
        # preserves some structure of the plaintext; treat merchant_name_like
        # as weaker protection than the AES cipher column.
        delta: 2
    md5_assisted_encryptor:
      type: MD5
      props:
        # A generic YAML parser reads this unquoted value as an integer, not a
        # string. NOTE(review): confirm the algorithm accepts a numeric salt.
        # MD5 with one fixed salt is deterministic: equal plaintexts produce
        # equal digests, so the assisted column shows which rows share a value,
        # and low-entropy values can be guessed by anyone who learns the salt.
        salt: 121212
  
  tables:
    t_merchant:
      columns:
        merchant_name:
          dataType: varchar(20)
          plain:
            # NOTE(review): presumably merchant_name_plain still stores the
            # unencrypted value; queryWithPlain only selects which column
            # queries use. Confirm the plain column is dropped once it is no
            # longer needed.
            name: merchant_name_plain
            queryWithPlain: false
          cipher:
            name: merchant_name_cipher
            # Wider than the logical varchar(20), presumably to leave room for
            # the encoded ciphertext.
            dataType: varchar(100)
            encryptorName: aes_encryptor
          assistedQuery:
            name: merchant_name_assisted
            dataType: varchar(100)
            encryptorName: md5_assisted_encryptor
          likeQuery:
            name: merchant_name_like
            dataType: varchar(50)
            encryptorName: char_digest_like_encryptor

Compatibility with Old API Configurations after Version 1.6.0 #

# Schema of a !COMPATIBLE_ENCRYPT rule (old API configuration, still accepted
# from version 1.6.0 on). Entries in angle brackets are placeholders. The (+)
# and (?) suffixes are not defined on this page; presumably (+) marks a
# repeatable entry and (?) an optional one.
# NOTE(review): the example that follows on this page also uses
# assistedQueryEncryptorName, likeQueryColumn, likeQueryDataType,
# likeQueryEncryptorName and a column-level queryWithCipherColumn, none of
# which are listed in this schema.
rules:
- !COMPATIBLE_ENCRYPT
  tables:
    <table-name> (+): # Encrypted table name
      columns:
        <column-name> (+): # Encrypted column name
          dataType: # Logical column type
          cipherColumn: # Cipher column name
          cipherDataType: # Cipher column type
          assistedQueryColumn (?):  # Assisted query column name
          assistedQueryDataType: # Assisted query column type
          # NOTE(review): presumably the original column keeps the unencrypted
          # value next to the ciphertext; confirm it is configured only where
          # needed.
          plainColumn (?): # Original (plaintext) column name
          plainDataType: # Original (plaintext) column type
          encryptorName: # Encryption algorithm name (a key under encryptors)
      queryWithCipherColumn(?): # Whether the table uses encrypted columns for querying
    
  # Encryption algorithm configuration
  encryptors:
    <encrypt-algorithm-name> (+): # Encryption algorithm name
      type: # Encryption algorithm type
      # Algorithm properties. The examples on this page put key and salt values
      # here, so this section should be treated as secret material.
      props: # Encryption algorithm properties configuration
        # ...

  # Whether to use encrypted columns for queries. If an original (plaintext)
  # column exists, queries can use that column instead.
  # NOTE(review): the page does not state the default or how this rule-level
  # flag interacts with the table-level one; confirm before relying on it.
  queryWithCipherColumn:

  # Key storage management configuration
  keyManagers:
      <key-manager-name> (+): # Key storage manager name
        type: # Key storage manager type; Local storage and AWS cloud storage are supported
        props: # Key storage manager properties configuration
          # ...
  • Example

# Example: encrypt t_merchant.merchant_name with the old-style
# !COMPATIBLE_ENCRYPT rule format.
rules:
- !COMPATIBLE_ENCRYPT
  encryptors:
    aes_encryptor:
      type: AES
      props:
        # Sample value only. A key written inline is readable by anyone who can
        # read this file or its version history, and a short guessable string
        # gives little protection.
        # NOTE(review): check whether keyManagers can supply the key instead.
        aes-key-value: 123456abc
    char_digest_like_encryptor:
      type: CHAR_DIGEST_LIKE
      props:
        # NOTE(review): a column that stays searchable with LIKE necessarily
        # preserves some structure of the plaintext; treat merchant_name_like
        # as weaker protection than the AES cipher column.
        delta: 2
    md5_assisted_encryptor:
      type: MD5
      props:
        # A generic YAML parser reads this unquoted value as an integer, not a
        # string. NOTE(review): confirm the algorithm accepts a numeric salt.
        # MD5 with one fixed salt is deterministic: equal plaintexts produce
        # equal digests, so the assisted column shows which rows share a value,
        # and low-entropy values can be guessed by anyone who learns the salt.
        salt: 123456
  
  tables:
    t_merchant:
      columns:
        merchant_name:
          dataType: varchar(20)
          # NOTE(review): presumably merchant_name_plain still stores the
          # unencrypted value; confirm the plain column is dropped once it is
          # no longer needed.
          plainColumn: merchant_name_plain
          plainDataType: varchar(20)
          cipherColumn: merchant_name_cipher
          # Wider than the logical varchar(20), presumably to leave room for
          # the encoded ciphertext.
          cipherDataType: varchar(100)
          encryptorName: aes_encryptor
          assistedQueryColumn: merchant_name_assisted
          assistedQueryDataType: varchar(100)
          assistedQueryEncryptorName: md5_assisted_encryptor
          likeQueryColumn: merchant_name_like
          likeQueryDataType: varchar(50)
          likeQueryEncryptorName: char_digest_like_encryptor
          # queryWithCipherColumn is set at column, table and rule level here.
          # The page does not say which level takes precedence; keeping all
          # three set to true avoids an unintended fallback to the plain column.
          queryWithCipherColumn: true
      queryWithCipherColumn: true
  queryWithCipherColumn: true