Encryption

Background

The data encryption Java API rule configuration allows users to directly create ShardingSphereDataSource objects by writing java code. The Java API configuration method is very flexible and can integrate various types of business systems without relying on additional jar packages.

Parameters

Root Configuration

Class name: org.apache.shardingsphere.encrypt.api.config.EncryptRuleConfiguration

Attributes:

NameDataTypeDescriptionDefault Value
tables (+)Collection<EncryptTableRuleConfiguration>Encrypt table rule configurations
encryptors (+)Map<String, AlgorithmConfiguration>Encrypt algorithm name and configurations
queryWithCipherColumn (?)booleanWhether query with cipher column for data encrypt. User you can use plaintext to query if havetrue

Encrypt Table Rule Configuration

Class name: org.apache.shardingsphere.encrypt.api.config.rule.EncryptTableRuleConfiguration

Attributes:

NameDataTypeDescription
nameStringTable name
columns (+)Collection<EncryptColumnRuleConfiguration>Encrypt column rule configurations
queryWithCipherColumn (?)booleanThe current table whether query with cipher column for data encrypt

Encrypt Column Rule Configuration

Class name: org.apache.shardingsphere.encrypt.api.config.rule.EncryptColumnRuleConfiguration

Attributes:

NameDataTypeDescription
logicColumnStringLogic column name
cipherColumnStringCipher column name
assistedQueryColumn (?)StringAssisted query column name
likeQueryColumn (?)StringLike query column name
plainColumn (?)StringPlain column name
encryptorNameStringEncrypt algorithm name
assistedQueryEncryptorNameStringAssisted query encrypt algorithm name
likeQueryEncryptorNameStringLike query encrypt algorithm name
queryWithCipherColumn (?)booleanThe current column whether query with cipher column for data encrypt

Encrypt Algorithm Configuration

Class name: org.apache.shardingsphere.infra.config.algorithm.AlgorithmConfiguration

Attributes:

NameDataTypeDescription
nameStringEncrypt algorithm name
typeStringEncrypt algorithm type
propertiesPropertiesEncrypt algorithm properties

Please refer to Built-in Encrypt Algorithm List for more details about type of algorithm.

Procedure

  1. Create a real data source mapping relationship, where key is the logical name of the data source and value is the datasource object.
  2. Create the encryption rule object EncryptRuleConfiguration, and initialize the encryption table object EncryptTableRuleConfiguration, encryption algorithm and other parameters in the object.
  3. Call createDataSource of ShardingSphereDataSourceFactory to create ShardingSphereDataSource.

Sample

  1. public final class EncryptDatabasesConfiguration implements ExampleConfiguration {
  3.     @Override
  4.     public DataSource getDataSource() {
  5.         Properties props = new Properties();
  6.         props.setProperty("aes-key-value", "123456");
  7.         EncryptColumnRuleConfiguration columnConfigAes = new EncryptColumnRuleConfiguration("username", "username", "", "", "username_plain", "name_encryptor", null);
  8.         EncryptColumnRuleConfiguration columnConfigTest = new EncryptColumnRuleConfiguration("pwd", "pwd", "assisted_query_pwd", "like_pwd", "", "pwd_encryptor", null);
  9.         EncryptTableRuleConfiguration encryptTableRuleConfig = new EncryptTableRuleConfiguration("t_user", Arrays.asList(columnConfigAes, columnConfigTest), null);
  10.         Map<String, AlgorithmConfiguration> encryptAlgorithmConfigs = new LinkedHashMap<>(2, 1);
  11.         encryptAlgorithmConfigs.put("name_encryptor", new AlgorithmConfiguration("AES", props));
  12.         encryptAlgorithmConfigs.put("pwd_encryptor", new AlgorithmConfiguration("assistedTest", props));
  13.         encryptAlgorithmConfigs.put("like_encryptor", new AlgorithmConfiguration("CHAR_DIGEST_LIKE", new Properties()));
  14.         EncryptRuleConfiguration encryptRuleConfig = new EncryptRuleConfiguration(Collections.singleton(encryptTableRuleConfig), encryptAlgorithmConfigs);
  15.         try {
  16.             return ShardingSphereDataSourceFactory.createDataSource(DataSourceUtil.createDataSource("demo_ds"), Collections.singleton(encryptRuleConfig), props);
  17.         } catch (final SQLException ex) {
  18.             ex.printStackTrace();
  19.             return null;
  20.         }
  21.     }
  22. }