feat: support global data encryption of secret information #8403
apisix/consumer.lua
Outdated
for key, props in pairs(consumer_schema.properties) do | ||
if props.type == "string" and props.encrypted then | ||
local encrypted = apisix_ssl.aes_decrypt_pkey(conf[key], "global_data_encrypt") | ||
conf[key] = encrypted | ||
end | ||
end |
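Review bot: the value returned by apisix_ssl.aes_decrypt_pkey in this loop is written straight back to conf[key] with no check, so a decryption that fails and returns nil would erase the stored field, and a property that is declared in the schema but absent from conf is still handed to the decrypt call. Skip keys where conf[key] is nil, assign only when the call succeeds, and log the failure otherwise. The local is also named encrypted although it holds the decrypted value; decrypted would read correctly.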
The schema may have nested objects
I know that since this PR does not include this case, we can optimize this point in the next PR.
return | ||
end | ||
|
||
for key, props in pairs(schema.properties) do |
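Review bot: pairs(schema.properties) in this loop raises an error when a schema has no properties table, and the condition guarding the early return above is not visible in these lines. Confirm that guard covers schema.properties == nil, or iterate over pairs(schema.properties or {}).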
Don't we consider the case of configuration nesting here?
I know that since this PR does not include this case, we can optimize this point in the next PR.
It's better to note this point in the doc?
I don't think it's needed and will finish it soon.
It's a bit complicated, like 'anyof', 'oneof' need to be considered.
Anyof or oneof only restricts the existence of items; if an item has encrypted = true but does not exist in conf, it will not be encrypted.
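The nested-object case raised in this thread, as an added example that is not code from this PR or from APISIX: a recursive walk that transforms string fields marked `encrypted`, skips fields absent from `conf`, and keeps the stored value when the transform fails. `walk_encrypted`, `toy_decrypt`, the `enc:` marker and the sample schema and conf are all constructed for illustration; `toy_decrypt` stands in for the real decrypt call.

```lua
-- Hypothetical helper: apply `transform` to every string field whose schema
-- entry has `encrypted = true`, descending into nested objects.
local function walk_encrypted(schema, conf, transform, failures, path)
    failures, path = failures or {}, path or ""
    if type(schema) ~= "table" or type(conf) ~= "table" then
        return failures              -- object absent from conf, or not an object
    end
    for key, props in pairs(schema.properties or {}) do
        local value = conf[key]
        if props.type == "object" then
            walk_encrypted(props, value, transform, failures, path .. key .. ".")
        elseif props.encrypted and props.type == "string" and type(value) == "string" then
            local out, err = transform(value)
            if out ~= nil then
                conf[key] = out
            else
                -- keep the stored value rather than overwriting it with nil
                failures[#failures + 1] = path .. key .. ": " .. tostring(err)
            end
        end
    end
    return failures
end

-- Constructed schema and conf, not taken from any APISIX plugin.
local schema = {
    type = "object",
    properties = {
        username = { type = "string" },
        password = { type = "string", encrypted = true },
        token    = { type = "string", encrypted = true },
        redis = { type = "object", properties = {
            host     = { type = "string" },
            password = { type = "string", encrypted = true },
        } },
    },
    anyOf = { { required = { "password" } }, { required = { "token" } } },
}
local conf = { username = "alice", password = "enc:pw",
               redis = { host = "127.0.0.1", password = "plain" } }

-- Toy stand-in for the real decrypt call: strips a constructed "enc:" marker.
local function toy_decrypt(s)
    if s:sub(1, 4) ~= "enc:" then return nil, "not ciphertext" end
    return s:sub(5)
end

local failures = walk_encrypted(schema, conf, toy_decrypt)
assert(conf.password == "pw" and conf.token == nil)
assert(conf.redis.password == "plain" and failures[1] == "redis.password: not ciphertext")
```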
* upstream/master: (48 commits)
  fix(ai): remove BUILD_ROUTER event when ai module is unloaded (apache#8184)
  chore: add some comment for make_request_to_vault function (apache#8420)
  docs: update admin api English doc (apache#8227)
  ci: use fixed os version of ubuntu (apache#8438)
  feat: Support store secrets in secrets manager for auth plugin via kms components (apache#8421)
  feat: interact via gRPC in APISIX Admin API (apache#8411)
  fix: last_err can be nil when the reconnection is successful (apache#8377)
  feat: support global data encryption of secret information (apache#8403)
  refactor(env): rename funtion name (apache#8426)
  feat(admin): add kms admin api (apache#8394)
  docs: update consumer and upstream docs (apache#8223)
  ci: add cron job for GM (apache#8398)
  docs: add kms env doc (apache#8419)
  feat: Added log format support in syslog plugin. (apache#8279)
  feat: add vault common components (apache#8412)
  docs: update global-rule/plugin-config/plugin/ docs (apache#8262)
  docs: update consumer-group/router/service/script doc (apache#8332)
  feat: support store secret in env for auth plugin (apache#8390)
  docs: update Upgrade Guide CN version (apache#8392)
  docs: add GM plugin EN doc to make website display normally (apache#8393)
  ...
Description
Fixes #8407
Checklist