[RFC] Database governance-Encryption CRD for encryption l | 数据库治理-加密 #28

Closed
mlycore opened this issue Aug 16, 2022 · 0 comments · Fixed by #40
Labels
area/database-governance Category issues or PRs related to database governance kind/spec-RFC Issues or PRs for OpenSergo spec RFC

mlycore commented Aug 16, 2022

domain: database

Umbrella issue: #15

Encryption defines a set of rules that help declare data encryption configurations.

(English version TBD...)


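Because of security audit and compliance requirements, enterprises often need to provide multiple security-hardening measures for data storage, such as data encryption.
Data encryption parses the SQL entered by the user and rewrites it according to the encryption rules the user provides, thereby encrypting the plaintext data and storing both the plaintext data (optional) and the ciphertext data in the underlying database. When the user queries data, it fetches only the ciphertext data from the database, decrypts it, and finally returns the decrypted original data to the user.

The configuration includes:

  • encryptors: encryptor configuration, i.e. which encryption algorithm is used for encryption and decryption, e.g. AES, MD5, RC4, SM3 and SM4.
  • tables: encrypted-table configuration, declaring which column in the data table stores ciphertext data, which algorithm is used for encryption and decryption, which column stores assisted-query data, and which column stores plaintext data.
  • queryWithCipherColumn: determines whether the cipher column is used for queries. When a plaintext column exists, the plaintext column can be used for queries.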

```yaml
apiVersion: database.opensergo.io/v1alpha1
kind: Encryption
metadata:
  name: encrypt-db
spec:
  encryptors:  # type: map[string]object
    aes_encryptor:  # encryptor name
      type: AES
      props:
        "aes-key-value": "123456abc"
    md5_encryptor:  # encryptor name
      type: "MD5"
  tables: # type: map[string]object
    t_encrypt:      # encrypted table name
      columns: # type: map[string]object
        user_id:    # encrypted column name
          plainColumn: "user_plain"      # plaintext column name
          cipherColumn: "user_cipher"    # ciphertext column name
          encryptorName: "aes_encryptor" # encryptor name
          assistedQueryColumn: "" # assisted-query column name
        order_id:   # encrypted column name
          cipherColumn: "order_cipher"
          encryptorName: "md5_encryptor"
  queryWithCipherColumn: true # whether to query with the cipher column; when a plaintext column exists, the plaintext column can be used for queries
```

@sczyh30 sczyh30 added the kind/spec-RFC Issues or PRs for OpenSergo spec RFC label Aug 16, 2022
@mlycore mlycore changed the title [RFC] Database governance-Sharding CRD for encryption l | 数据库治理-加密 [RFC] Database governance-Encryption CRD for encryption l | 数据库治理-加密 Aug 16, 2022
@sczyh30 sczyh30 added the area/database-governance Category issues or PRs related to database governance label Aug 18, 2022
@sczyh30 sczyh30 linked a pull request Sep 8, 2022 that will close this issue
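
An added example, not part of the issue or of OpenSergo's code: a pre-apply lint that walks an `Encryption` spec shaped like the RFC's YAML and reports settings a reviewer would want to see before rollout. The function name, finding codes and rule set are assumptions of this example, and the sample input is the RFC's YAML transcribed as a Python dict.

```python
# Added example: lint an Encryption spec (as a dict) for settings worth reviewing.
DIGESTS = {"MD5", "SM3"}        # one-way hashes: stored values cannot be decrypted
KEY_PROPS = {"aes-key-value"}   # key-bearing prop name, taken from the RFC's YAML

# Constructed input: the RFC's sample spec, transcribed as a Python dict.
SAMPLE_SPEC = {
    "encryptors": {
        "aes_encryptor": {"type": "AES", "props": {"aes-key-value": "123456abc"}},
        "md5_encryptor": {"type": "MD5"},
    },
    "tables": {
        "t_encrypt": {"columns": {
            "user_id": {"plainColumn": "user_plain", "cipherColumn": "user_cipher",
                        "encryptorName": "aes_encryptor", "assistedQueryColumn": ""},
            "order_id": {"cipherColumn": "order_cipher",
                         "encryptorName": "md5_encryptor"},
        }},
    },
    "queryWithCipherColumn": True,
}


def lint_encryption_spec(spec):
    """Return a sorted list of (path, code) findings (hypothetical codes)."""
    findings = []
    encryptors = spec.get("encryptors") or {}
    for name, enc in encryptors.items():
        if str(enc.get("type", "")).upper() in DIGESTS:
            findings.append((f"encryptors.{name}", "one-way-digest"))
        if KEY_PROPS & set(enc.get("props") or {}):
            findings.append((f"encryptors.{name}", "inline-key"))
    for table, tdef in (spec.get("tables") or {}).items():
        for col, cdef in (tdef.get("columns") or {}).items():
            path = f"tables.{table}.columns.{col}"
            if cdef.get("encryptorName") not in encryptors:
                findings.append((path, "unknown-encryptor"))
            if not cdef.get("cipherColumn"):
                findings.append((path, "missing-cipher-column"))
            if cdef.get("plainColumn"):
                findings.append((path, "plaintext-retained"))
    # Only an explicit false is flagged; no default value is assumed here.
    if spec.get("queryWithCipherColumn") is False:
        findings.append(("queryWithCipherColumn", "queries-use-plaintext"))
    return sorted(findings)


if __name__ == "__main__":
    for path, code in lint_encryption_spec(SAMPLE_SPEC):
        print(f"{code:24} {path}")
```
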