0.93.0, May 27th 2022
0.93.0, May 27th 2022
This release brings type awareness which improves transparent encryption on AcraServer. Type awareness means that it's possible to tell AcraServer what are the original data types for fields. During decryption, AcraServer will convert decrypted fields to their original data types. No need to change client application code to work with "binary data".
It's also possible to choose a default value for each data field if its decryption failed. AcraServer can send a a default value like "<encrypted data>
" instead of decryption errors, making developers' and users' life easier.
Core:
- AcraServer:
- Added type awareness and ability to map binary data to a certain data type when sending decrypted data back to the application. Extended encryptor_config which allow configure mapping application data type to proper database's type. #515, #517, #523, #519, #520
- Extended
encryptor_config
with new parameters:data_type
- specify data type expected by application. Acceptstr
,bytes
,int64
,int32
values. #515, #517default_data_value
- specify a placeholder (default value) to replace data that couldn't be decrypted. #515, #517response_on_fail
- specify action on decryption failure. Acceptsciphertext
(returns encrypted data as is),default_value
(returns values fromdefault_data_value
parameter),error
(returns error as DB error with message likeencoding error in column {column_name}
). #521, #533
- Deprecated
tokenize
parameter inencryptor_config
and changed focus ontoken_type
parameter. Now is enough to specifytoken_type
parameter withouttokenize: true
to turn on tokenization. Read more in the documentation. #527 - Removed auto-generation poison record's keys but leaved for
acra-poisonrecordmaker
. It improves decryption due to omitting extra key generation and poison record recognition. #516 - Improvements in handling error cases on DB protocol layer. #511, #515, #517, #520, #528, #535, #537
- Improved sql parser and support of
set
command. #534 - Ignored legacy keys on startup loading to cache. #510, #522
- Improved PostgreSQL/MySQL protocol support. #525, #526, #539, #540, #541, #542, #543, #544
- AcraCensor:
- Removed legacy
IsForbidden
field from acra-censor’s logs. Read more here in notes. #508
- Removed legacy
- AcraKeys:
- Removed duplicate entries in
list
command. #530
- Removed duplicate entries in
- Other:
- Makefile target
install_dev_deps
install required golang's dependencies for development and code generation. #531
- Makefile target
Documentation:
- Improved description of AcraServer's encryptor_config, adding details and examples about data processing options: encryption, searchable encryption, masking, tokenization, type awareness, etc.
- Updated "Debugging and troubleshooting" section with more tips and tricks.
Example projects and demos:
- Python examples: updated to show type masking feature. #524, #529
- acra-engineering-demo updated to show data type masking support. #46, #47, #48, #49, #50, #51.