Key Management #
| Syntax | Description | Type |
|---|---|---|
| ALTER KEY MANAGER RULE | Configure the key management rule | RAL |
| SHOW KEY MANAGER RULE | Show the key management rule | RAL |
| SHOW KEY MANAGER PROVIDERS | Show the key management PROVIDERS rules | RAL |
| SHOW KEY MANAGER STORAGES | Show the key management STORAGES rules | RAL |
| LOAD SECRET KEYS | Load secret keys | RAL |
| SHOW KEY MANAGER SECRET KEYS | Show the loaded secret keys | RAL |
| UNLOAD SECRET KEYS | Unload secret keys | RAL |
Create the Key Management Rule #
ALTER KEY MANAGER RULE
Complete configuration DistSQL example
ALTER KEY MANAGER RULE (
DEFAULT_NAMESPACE='default',
PROVIDER_TYPE='Local',
STORAGE_TYPE='ZooKeeper',
PROVIDERS(
(
NAME='Local',
TYPE(
NAME='Local',
PROPERTIES(
'encrypt.encrypt.t_user.user_name.aes-key-value'='1234560bc',
'encrypt.encrypt.t_user.password.aes-key-value'='123456a0c',
'encrypt.encrypt.t_user.email.aes-key-value'='123456ab0',
'encrypt.encrypt.t_user.user_telephone.aes-key-value'='023456abc'
)
)
)
),
STORAGES(
(
NAME='ZooKeeper',
TYPE(NAME='ZooKeeper')
)
)
);
Show the Key Management Rule #
SHOW KEY MANAGER RULE;
Example
SHOW KEY MANAGER RULE;
+---------------+--------------+-------------------+-----------+---------------+-------------+
| provider_type | storage_type | default_namespace | providers | storages | secret_keys |
+---------------+--------------+-------------------+-----------+---------------+-------------+
| Local | ZooKeeper | default | ["Local"] | ["ZooKeeper"] | |
+---------------+--------------+-------------------+-----------+---------------+-------------+
Show the Key Management PROVIDERS Rules #
SHOW KEY MANAGER PROVIDERS;
Example
SHOW KEY MANAGER PROVIDERS;
+---------------+---------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| provider_name | provider_type | provider_props |
+---------------+---------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Local | Local | {"encrypt.encrypt.t_user.email.aes-key-value":"123456ab0","encrypt.encrypt.t_user.password.aes-key-value":"123456a0c","encrypt.encrypt.t_user.user_name.aes-key-value":"1234560bc","encrypt.encrypt.t_user.user_telephone.aes-key-value":"023456abc"} |
+---------------+---------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Show the Key Management STORAGES Rules #
SHOW KEY MANAGER STORAGES;
Example
SHOW KEY MANAGER STORAGES;
+--------------+--------------+---------------+
| storage_name | storage_type | storage_props |
+--------------+--------------+---------------+
| ZooKeeper | ZooKeeper | |
+--------------+--------------+---------------+
Load Secret Keys #
LOAD SECRET KEYS
Complete configuration DistSQL example
LOAD SECRET KEYS(
key_names(
'encrypt.encrypt.t_user.user_name.aes-key-value',
'encrypt.encrypt.t_user.password.aes-key-value',
'encrypt.encrypt.t_user.email.aes-key-value',
'encrypt.encrypt.t_user.user_telephone.aes-key-value'
)
);
Show the Loaded Secret Keys #
SHOW KEY MANAGER SECRET KEYS;
Example
SHOW KEY MANAGER SECRET KEYS;
+-----------+-----------------------------------------------------+--------------+
| namespace | secret_key | secret_value |
+-----------+-----------------------------------------------------+--------------+
| default | encrypt.encrypt.t_user.email.aes-key-value | 123456ab0 |
| default | encrypt.encrypt.t_user.user_name.aes-key-value | 1234560bc |
| default | encrypt.encrypt.t_user.password.aes-key-value | 123456a0c |
| default | encrypt.encrypt.t_user.user_telephone.aes-key-value | 023456abc |
+-----------+-----------------------------------------------------+--------------+
Unload Secret Keys #
UNLOAD SECRET KEYS;
Complete configuration DistSQL example
UNLOAD SECRET KEYS(
namespace='default',
KEY_NAMES('encrypt.encrypt.t_user.password.aes-key-value')
);