feat: data encryption support more plugins #8487
It is best to update the documentation of each plugin to indicate the fields that will be encrypted.
done
return | ||
end | ||
|
||
-- we only support two levels |
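Review bot: The comment `-- we only support two levels` states the limit but not what happens to a field named in `encrypt_fields` that sits deeper than two levels. If such a field is skipped silently, its value would stay in plaintext in etcd with no signal to the plugin author, so consider logging or rejecting it when the schema is checked, and say which behaviour applies in this comment and in the plugin development docs.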
too many limitations, maybe we should optimize this feature later when we have time
Why add this limitation? Can we parse the conf recursively?
I'd like to optimize when the schema must be expressed in more than two levels.
For now, I think two levels are enough. (In fact, I hate nesting more than two levels in a schema; it's unreadable.)
@@ -41,6 +41,8 @@ This Plugin considers the `GET`, `HEAD` and `OPTIONS` methods to be safe operati | |||
| expires | number | False | `7200` | Expiration time in seconds of the CSRF cookie. Set to `0` to skip checking expiration time. | | |||
| key | string | True | | Secret key used to encrypt the cookie. | | |||
|
|||
NOTE: `encrypt_fields = {"key"}` is also defined in the schema, which means that the field will be stored encrypted in etcd. See [encrypted storage fields](../plugin-develop.md#encrypted-storage-fields). |
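Review bot: The added NOTE says the field "will be stored encrypted in etcd" directly below the table row that describes `key` as "Secret key used to encrypt the cookie", so the two uses of "encrypt" are easy to conflate. Suggest wording that makes clear the note is about at-rest storage of the `key` value in etcd, separate from the cookie encryption that `key` performs, and checking that the `#encrypted-storage-fields` anchor exists in `plugin-develop.md`.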
The field will be encrypted and stored in etcd?
Yes, what is stored in etcd is encrypted.
Is the sentence "The field will be encrypted and stored in etcd" better?
I guess there is no difference? For this field, the only encrypted state is in etcd. They are decrypted when APISIX is running and when fetched via the admin API.
I think the way I wrote it better conveys the idea that it is only encrypted in etcd.
Description
Fixes #8407
Checklist