Encryption

Background

The YAML configuration approach to data encryption is highly readable, with the YAML format enabling a quick understanding of dependencies between encryption rules. Based on the YAML configuration, ShardingSphere automatically completes the creation of ShardingSphereDataSource objects, reducing unnecessary coding efforts for users.

Parameters

    rules:
    - !ENCRYPT
      tables:
        <table-name> (+): # Encrypt table name
          columns:
            <column-name> (+): # Encrypt logic column name
              cipherColumn: # Cipher column name
              assistedQueryColumn (?): # Assisted query column name
              plainColumn (?): # Plain column name
              encryptorName: # Encrypt algorithm name
          queryWithCipherColumn (?): # Whether the current table queries with the cipher column for data encryption
      # Encrypt algorithm configuration
      encryptors:
        <encrypt-algorithm-name> (+): # Encrypt algorithm name
          type: # Encrypt algorithm type
          props: # Encrypt algorithm properties
            # ...
      queryWithCipherColumn: # Whether to query with the cipher column for data encryption. User you can use plaintext to query if have

Please refer to the Built-in Encrypt Algorithm List for more details about algorithm types.

Procedure

  1. Configure data encryption rules in the YAML file, including data sources, encryption rules, global attributes, and other configuration items.
  2. Call the createDataSource method of YamlShardingSphereDataSourceFactory to create a ShardingSphereDataSource from the configuration information in the YAML file.

Sample

The data encryption YAML configurations are as follows:

    dataSources:
      unique_ds:
        dataSourceClassName: com.zaxxer.hikari.HikariDataSource
        driverClassName: com.mysql.jdbc.Driver
        jdbcUrl: jdbc:mysql://localhost:3306/demo_ds?serverTimezone=UTC&useSSL=false&useUnicode=true&characterEncoding=UTF-8
        username: root
        password:
    rules:
    - !ENCRYPT
      tables:
        t_user:
          columns:
            username:
              plainColumn: username_plain
              cipherColumn: username
              encryptorName: name-encryptor
            pwd:
              cipherColumn: pwd
              assistedQueryColumn: assisted_query_pwd
              encryptorName: pwd_encryptor
      encryptors:
        name-encryptor:
          type: AES
          props:
            aes-key-value: 123456abc
        pwd_encryptor:
          type: assistedTest

Use the createDataSource method of YamlShardingSphereDataSourceFactory to read the YAML configuration and create the data source.

    YamlShardingSphereDataSourceFactory.createDataSource(getFile());
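A pre-deployment check for an encrypt rule such as the sample above, written as an added example; it is not ShardingSphere code. It takes the `!ENCRYPT` rule as an already parsed mapping, confirms that every `encryptorName` resolves to an entry under `encryptors`, and flags settings that leave plaintext reachable. The function name `lint_encrypt_rule` and the `MIN_KEY_CHARS` threshold are assumptions made for illustration.

```python
# Added example: lint one parsed !ENCRYPT rule using the keys documented above.
MIN_KEY_CHARS = 16  # assumed local policy threshold, not a ShardingSphere limit

# The page's sample rule as a parsed mapping (transcribed from the YAML above).
SAMPLE_RULE = {
    "tables": {"t_user": {"columns": {
        "username": {"plainColumn": "username_plain", "cipherColumn": "username",
                     "encryptorName": "name-encryptor"},
        "pwd": {"cipherColumn": "pwd", "assistedQueryColumn": "assisted_query_pwd",
                "encryptorName": "pwd_encryptor"},
    }}},
    "encryptors": {
        "name-encryptor": {"type": "AES", "props": {"aes-key-value": "123456abc"}},
        "pwd_encryptor": {"type": "assistedTest"},
    },
}


def lint_encrypt_rule(rule):
    """Return (severity, location, message) findings for one encrypt rule."""
    findings, used = [], set()
    encryptors = rule.get("encryptors") or {}
    for table, tcfg in (rule.get("tables") or {}).items():
        for column, ccfg in (tcfg.get("columns") or {}).items():
            where, name = f"{table}.{column}", ccfg.get("encryptorName")
            used.add(name)
            if not ccfg.get("cipherColumn"):
                findings.append(("error", where, "cipherColumn is required"))
            if name not in encryptors:
                findings.append(("error", where, f"encryptor {name!r} is not defined"))
            if ccfg.get("plainColumn"):
                findings.append(("warn", where, f"plaintext kept in {ccfg['plainColumn']!r}"))
        if tcfg.get("queryWithCipherColumn") is False:
            findings.append(("warn", table, "queries bypass the cipher column"))
    if rule.get("queryWithCipherColumn") is False:
        findings.append(("warn", "rule", "queries bypass the cipher column"))
    for name, ecfg in encryptors.items():
        if name not in used:
            findings.append(("warn", f"encryptors.{name}", "defined but never referenced"))
        key = str((ecfg.get("props") or {}).get("aes-key-value", ""))
        if ecfg.get("type") == "AES" and len(key) < MIN_KEY_CHARS:
            findings.append(("warn", f"encryptors.{name}",
                             f"aes-key-value has {len(key)} characters, stored in clear text"))
    return findings


if __name__ == "__main__":
    for severity, location, message in lint_encrypt_rule(SAMPLE_RULE):
        print(f"{severity:5} {location}: {message}")
```

On the page's sample this reports the retained `username_plain` column and the 9-character `aes-key-value`; a dangling `encryptorName` is reported as an error.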