[Bug][Seatunnel-web] Support encyrption of datasource data #189
Conversation
|
I will review and test this PR in 1-2 days |
| datasourceConfig.replace( | ||
| Constants.PASSWORD, | ||
| ConfigShadeUtils.encryptOption( | ||
| datasourceEncryptionType, datasourceConfig.get(Constants.PASSWORD))); |
There was a problem hiding this comment.
password is not a mandatory field, it can be empty also, then this code will throw NPE. Encrypt only if passord is not empty.
|
How this feature works? I see encryption only, I do not see any decryption. How it will be able to connnect to databases, it will fail. |
Thank you for reviewing. Decryption is done on the engine side. There is a ConfigShadeUtils which takes care of the decryption of password while connecting to the datasource. Sure, i can share the details. |
|
BilwaST
force-pushed
the
encryption
branch
2 times, most recently
from
d3afefb to
0034129
Compare
|
Hi @arshadmohammad |
Currently Datasource passwords are stored as it is in database and also is sent to seatunnel-engine in .profile file. All sensitive information like password should be encrypted. Also the API response should be encrypted for datasource password.
This patch handles the encryption of data using the encryption type available in seatunnel-engine. We can use base64 encryption type.
When we enable this encryption type, we need it configure it in job env like below:
env {
"shade.identifier" =base64
}
add shade.identifier to your env. you can refer to below doc for more understanding
https://seatunnel.apache.org/docs/2.3.2/connector-v2/Config-Encryption-Decryption/