Project

fluent-plugin-encrypt

0.01
No release in over 3 years
Low commit activity in last 3 years
fluent-plugin-encrypttagomoris/fluent-plugin-encryptHomepageDocumentationSource CodeBug TrackerWiki
This plugin converts data of specified fields, by encrypting using AES and base64 encoding for encrypted values
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
7,122
Stars
3
Forks
5
Watchers
5
 Releases
Current version
0.1.1
Total releases
1
First release
2016-03-04
Latest release
2016-03-04
 Issues
Open Issues
1
Closed Issues
1
Total Issues
2
Issue Closure Rate
50%
 Pull Requests
Open Pull Requests
2
Closed Pull Requests
1
Merged Pull Requests
2
Pull Request Acceptance Rate
40%
 Development
Primary Language
Ruby
Average date of last 50 commits
2016-05-24
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.11
rake
~> 10.0
test-unit
~> 3.0

Runtime

fluentd
~> 0.12.0
 Project Readme

fluent-plugin-encrypt

This is a Fluentd filter plugin to encrypt data of specified fields using AES. This works in same way with embulk-filter-encrypt.

Encrypted data is encoded using base64. For example, if you have following input records:

{"id":1, "password":"super", "comment":"a"}
{"id":2, "password":"secret", "comment":"b"}

You can apply encryption to password column and get following outputs:

{"id":1, "password":"ayxU9lMA1iASdHGy/eAlWw==", "comment":"a"}
{"id":2, "password":"v8ffsUOfspaqZ1KI7tPz+A==", "comment":"b"}

Installation

Install with gem or fluent-gem (or td-agent-gem) command:

$ gem install fluent-plugin-encrypt
 
$ fluent-gem install fluent-plugin-encrypt

Configuration

Key and IV hex string generation is required for AES (CBC) encryption before configuring Fluentd. This plugin gem includes the script to do it.

Key and IV generation

Once you installed this plugin by gem, the script will be executable from your shell directly. Define password for encryption at first, then execute it.

$ fluent-plugin-encrypt-genkey AES-256-CBC "my secret passphrase"
key=668F3B7EA156BC3C4332CDD7C5AFDD604155F152C9055B0EACDFBB7708B687BA
iv =25443F5277938A2FD21725F273345C69

Copy these hex strings for Fluentd configuration.

Filter plugin configuration

An example configuration to encrypt a field (named as "device_id"):

<source>
  @type  forward
  @label @myservice
  port   24224
</source>
 
<label @myservice>
  <filter **>
    @type encrypt
    algorithm       aes_256_cbc # default
    encrypt_key_hex 668F3B7EA156BC3C4332CDD7C5AFDD604155F152C9055B0EACDFBB7708B687BA
    encrypt_iv_hex  25443F5277938A2FD21725F273345C69
    key             device_id
    # Or, to encrypt values in some fields
    # keys ["device_id","user_id","session"]
  </filter>
  <match **>
    @type stdout
  </match>
</label>

Available algorithms (algorithm in configuration) are:

  • aes_256_cbc (recommended)
  • aes_192_cbc
  • aes_128_cbc
  • aes_256_ecb
  • aes_192_ecb
  • aes_128_ecb

For fluent-plugin-encrypt-genkey, use names with upcased chars and - instead of _ (e.g. AES-256-CBC).

Other configuration parameters are:

  • encrypt_key_hex: hex string for encryption key generated by scripts (NOT PASSWORD) [required]
  • encrypt_iv_hex: hex string for encryption iv generated by scripts (omit for some encryption mode like ECB)
  • key: key name of fields in records to be encrypted
  • keys: JSON format list of key names to be encrypted

Copyright

  • Copyright (c) 2016- TAGOMORI Satoshi (tagomoris)
  • License
    • Apache License, Version 2.0