Encryption

Background

The YAML configuration approach to data encryption is highly readable: the YAML format makes the dependencies between encryption rules quick to understand. Based on the YAML configuration, ShardingSphere automatically creates the ShardingSphereDataSource object, reducing unnecessary coding effort for users.

Parameters

    rules:
    - !ENCRYPT
      tables:
        <table_name> (+): # Encrypt table name
          columns:
            <column_name> (+): # Encrypt logic column name
              plainColumn (?): # Plain column name
              cipherColumn: # Cipher column name
              encryptorName: # Cipher encrypt algorithm name
              assistedQueryColumn (?): # Assisted query column name
              assistedQueryEncryptorName: # Assisted query encrypt algorithm name
              likeQueryColumn (?): # Like query column name
              likeQueryEncryptorName: # Like query encrypt algorithm name
          queryWithCipherColumn(?): # Whether the current table queries with the cipher column for data encryption

      # Encrypt algorithm configuration
      encryptors:
        <encrypt_algorithm_name> (+): # Encrypt algorithm name
          type: # Encrypt algorithm type
          props: # Encrypt algorithm properties
            # ...

      queryWithCipherColumn: # Whether to query with the cipher column for data encryption. User you can use plaintext to query if have

Please refer to the Built-in Encrypt Algorithm List for more details about algorithm types.

Procedure

  1. Configure data encryption rules in the YAML file, including data sources, encryption rules, global attributes, and other configuration items.
  2. Call the createDataSource method of YamlShardingSphereDataSourceFactory to create a ShardingSphereDataSource based on the configuration information in the YAML file.

Sample

The data encryption YAML configurations are as follows:

    dataSources:
      unique_ds:
        dataSourceClassName: com.zaxxer.hikari.HikariDataSource
        driverClassName: com.mysql.jdbc.Driver
        jdbcUrl: jdbc:mysql://localhost:3306/demo_ds?serverTimezone=UTC&useSSL=false&useUnicode=true&characterEncoding=UTF-8
        username: root
        password:

    rules:
    - !ENCRYPT
      tables:
        t_user:
          columns:
            username:
              plainColumn: username_plain
              cipherColumn: username
              encryptorName: name_encryptor
              assistedQueryColumn: assisted_query_username
              assistedQueryEncryptorName: assisted_encryptor
              likeQueryColumn: like_query_username
              likeQueryEncryptorName: like_encryptor
            pwd:
              cipherColumn: pwd
              encryptorName: pwd_encryptor
              assistedQueryColumn: assisted_query_pwd
              assistedQueryEncryptorName: assisted_encryptor
          queryWithCipherColumn: true
      encryptors:
        name_encryptor:
          type: AES
          props:
            aes-key-value: 123456abc
        assisted_encryptor:
          type: AES
          props:
            aes-key-value: 123456abc
        like_encryptor:
          type: CHAR_DIGEST_LIKE
        pwd_encryptor:
          type: MD5

Call the createDataSource method of YamlShardingSphereDataSourceFactory to read the YAML configuration and create the data source.

    YamlShardingSphereDataSourceFactory.createDataSource(getFile());
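Before an encrypt rule like the sample goes beyond a demo, three of its settings deserve review: the plaintext copy kept in plainColumn, the AES key written literally in the file, and the MD5 digest protecting the pwd column. The following check is an added example, not part of ShardingSphere or its documentation; the function names and finding labels are this example's own, and it assumes the two-space indentation used in the sample.

```python
import re

# Constructed input: the encrypt rule from the sample above, trimmed to two columns.
SAMPLE = """\
rules:
- !ENCRYPT
  tables:
    t_user:
      columns:
        username:
          plainColumn: username_plain
          cipherColumn: username
          encryptorName: name_encryptor
        pwd:
          cipherColumn: pwd
          encryptorName: pwd_encryptor
  encryptors:
    name_encryptor:
      type: AES
      props:
        aes-key-value: 123456abc
    pwd_encryptor:
      type: MD5
"""

def key_paths(text):
    """Map 'a/b/c' key paths to scalar values, nesting by indentation."""
    stack, out = [], {}
    for line in text.splitlines():
        m = re.match(r"^( *)([\w-]+) *:(?: +(.*))?$", line)
        if not m:
            continue  # e.g. the '- !ENCRYPT' list marker carries no key
        while stack and stack[-1][0] >= len(m[1]):
            stack.pop()  # leave deeper or sibling levels
        stack.append((len(m[1]), m[2]))
        out["/".join(k for _, k in stack)] = (m[3] or "").strip()
    return out

def audit(text):
    """Return (finding, key path) pairs; the finding labels are this example's own."""
    cfg, findings = key_paths(text), []
    for path, value in cfg.items():
        if path.endswith("/plainColumn") and value:
            findings.append(("plaintext-copy-kept", path))
        if path.endswith("/aes-key-value") and value:
            findings.append(("key-literal-in-file", path))
        if path.endswith("/encryptorName") and cfg.get(f"rules/encryptors/{value}/type") == "MD5":
            findings.append(("md5-encryptor", path))
    return findings
```

A key-literal-in-file finding means anyone who can read the YAML file can decrypt the cipher columns, so the file needs the same access control as the key itself.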