-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Summer 2021] Add a plugin SPI for configuration encryption and decryption for Nacos 2.0 #5695
Labels
Milestone
Comments
Closed
5 tasks
5 tasks
5 tasks
realJackSun
pushed a commit
that referenced
this issue
Mar 16, 2022
* [ISSUE#5695] Add a plugin SPI for configuration encryption and decryption for Nacos 2.0 (#6655) * Defines the interface * 增加aes实现 * 客户端、服务端加解密实现 * 客户端、服务端加解密实现 * fix code quality (#6727) * [ISSUE#5695] Add a plugin SPI for configuration encryption and decryption for Nacos 2.0, EncryptedDataKey is persisted (#6740) * Defines the interface * 增加aes实现 * 客户端、服务端加解密实现 * 客户端、服务端加解密实现 * 秘钥持久化 * 秘钥持久化 * [ISSUE#5695] Summer2021 Cache encryptedDataKey (#6878) * Defines the interface * 增加aes实现 * 客户端、服务端加解密实现 * 客户端、服务端加解密实现 * 秘钥持久化 * 秘钥持久化 * 秘钥缓存到内存中 * 解决冲突 * 修改filter继承AbstractConfigFilter (#6879) * [ISSUE#5695] Summer2021 EncryptedDataKey is persisted to Derby (#6882) * [ISSUE#5695] Add a plugin SPI for configuration encryption and decryption for Nacos 2.0 (#6655) * Defines the interface * 增加aes实现 * 客户端、服务端加解密实现 * 客户端、服务端加解密实现 * fix code quality (#6727) * # This is a combination of 6 commits.tree cf7a399f99c4d81b8667c8de06f5ceb8c79fb6f0 parent 8024ecf author 李晓双 Li Xiao Shuang <[email protected]> 1630028256 +0800 committer lixiaoshuang <[email protected]> 1631804378 +0800 # This is a combination of 3 commits. # This is the 1st commit message: [ISSUE#5695] Add a plugin SPI for configuration encryption and decryption for Nacos 2.0, EncryptedDataKey is persisted (#6740) * Defines the interface * 增加aes实现 * 客户端、服务端加解密实现 * 客户端、服务端加解密实现 * 秘钥持久化 * 秘钥持久化 # This is the commit message #2: [ISSUE#5695] Summer2021 Cache encryptedDataKey (#6878) * Defines the interface * 增加aes实现 * 客户端、服务端加解密实现 * 客户端、服务端加解密实现 * 秘钥持久化 * 秘钥持久化 * 秘钥缓存到内存中 * 解决冲突 # This is the commit message #3: 修改filter继承AbstractConfigFilter (#6879) # This is the commit message #6: 客户端、服务端加解密实现 * parent 8024ecf author 李晓双 Li Xiao Shuang <[email protected]> 1630028256 +0800 committer lixiaoshuang <[email protected]> 1631805204 +0800 parent 8024ecf author 李晓双 Li Xiao Shuang <[email protected]> 1630028256 +0800 committer lixiaoshuang <[email protected]> 1631804378 +0800 [ISSUE#5695] Add a plugin SPI for configuration encryption and decryption for Nacos 2.0, EncryptedDataKey is persisted (#6740) * 配置加解密插件 * derby支持秘钥存储 * 克隆功能兼容配置加解密 (#6913) * [ISSUE#5695] Summer2021 Import/export compatible with configuration encryption and decryption (#6956) * 克隆功能兼容配置加解密 * 导入导出兼容配置加解密 * 秘钥base64编码、更换AES加密模式 (#6974) * [ISSUE#5695] Summer2021 add unit test for ConfigCryptoFilter (#6991) * add unit test for ConfigCryptoFilter * add unit test for ConfigCryptoFilter * [ISSUE#5695] Summer2021 add unit test for CryptoExecutor (#6990) * add unit test for CryptoExecutor * add Copyright * [ISSUE#5695] Summer2021 add unit test for CryptoManager (#6989) * add unit test for CryptoManager * add unit test for CryptoManager * [ISSUE#5695] Summer2021 add unit test for AesCrypto (#6988) * add unit test for AesCrypto * update AesCryptoTest * Increased iv randomness * add default Iv * fix javadoc * fix unit test * defining plugin intergace * Replace the client encryption and decryption actuator * Replace the server encryption and decryption actuator * add unit test * add unit test * remove old code * fix NacosConfigServiceTest * Encryption and decryption to achieve migration Co-authored-by: 杨翊 SionYang <[email protected]>
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
In Nacos community, many users concerned about the security issues of some sensitive information in the configuration.
Like #492, #4025, #4707, #5367 and many closed issues.
So Nacos community want to design a set of API for encryption and inject into the workflow of publish and query configuration. And provide one kind of easy implementation like
AES
encryption.Through the encryption plugin, users can use the simple implementation provided by the community to preliminarily carry out the problem of sensitive configuration desensitization. At the same time, they can also implement their own encryption plug-in to meet the high requirements for desensitization.
Target
Add a plugin SPI for configuring encryption and decryption, and add a simple implementation of encryption and decryption.
Difficulty
Medium
Mentor
@TsingLiang
[email protected]
Output Requirements
Technical Requirements
背景
在Nacos社区中,许多用户关注配置中某些敏感信息的安全性问题。
像#492,#4025,#4707,#5367 和许多已关闭的Issue。
因此,Nacos社区希望设计一套用于加密的API,并将其注入到发布和查询配置的工作流程中。 并提供一种简单的实现,如AES加密。
通过加密插件,用户可以使用社区提供的简单实现来初步解决敏感配置脱敏问题。 同时,他们还可以实现自己的加密插件,以满足对脱敏的高要求。
目标
为Nacos添加配置加解密的插件SPI,并新增一类简单的加解密实现。
难度
中等
导师
@TsingLiang
[email protected]
产出要求
能力要求
The text was updated successfully, but these errors were encountered: