Project

fluent-plugin-jwt-filter

0.0
No commit activity in last 3 years
No release in over 3 years
fluent-plugin-jwt-filtertoyokazu/fluent-plugin-jwt-filterHomepageDocumentationSource CodeBug TrackerWiki
Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
13,789
Stars
6
Forks
1
Watchers
2
 Releases
Current version
0.1.0
Total releases
6
First release
2016-03-05
Latest release
2017-08-30
 Issues
Open Issues
1
Closed Issues
0
Total Issues
1
Issue Closure Rate
0%
 Development
Primary Language
Ruby
Licenses
Apache License Version 2.0
Average date of last 50 commits
2016-04-16
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.14
rake
~> 12.0
test-unit
>= 0

Runtime

fluentd
~> 0.14.0
json-jwt
>= 1.7.1
 Project Readme

Fluent::Plugin::Jwt::Filter

Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key). This plugin uses json-jwt to encrypt/decrypt messages.

in_secure_forward and out_secure_forward can support encryption and authentication between fluentd instances. However, if a user intends to share their data via third party data broker like EverySense, they may wants to encrypt their data end-to-end fashion. fluent-plugin-jwt-filter can support end-to-end (from fluentd to fluentd) encryption.

Installation

Add this line to your application's Gemfile:

gem 'fluent-plugin-jwt-filter'

And then execute:

bundle

Or install it yourself as:

gem install fluent-plugin-jwt-filter

Usage

fluent-plugin-jwt-filter provides encrypt and decrypt of messages.

<filter test>
  @type jwt
  method encrypt
</filter>

Encrypt/Decrypt can be selected by method option.

Encryption

In the following example, input from in_tail plugin is encrypted by jwt-filter and then outputted by out_forward plugin.

<source>
  @type tail
  path /tmp/test.log
  pos_file /tmp/test.log.pos
  tag test
  format json
</source>

<filter test>
  @type jwt
  method encrypt
</filter>

<match test>
  @type forward
  <server>
    host ::1
    port 24224
  </server>
</match>

For encryption, the following options are available.

  • jwk_pub_file: is a file name which records public key of JSON Web Key (JWK). JWK public and private key can be easily generated by jwk_tool (default name: key.pub).

  • block_cipher_alg: is an algorithm to encrypt the contents. Block cipher is used for encryption and symmetric key of block cipher is encrypted by key encryption algorithm. Currently json-jwt supports A128GCM, A256GCM, A128CBC-HS256 and A256CBC-HS512 (default A128GCM and require "ruby > 2.0.0").

  • key_encryption_alg: is an algorithm to encrypt block cipher encryption key. Basically public key algorithm is assumed. If JWK is created as symmetric key, this option is not required (default RSA1_5).

    @type jwt jwk_pub_file fluent/key.pub block_cipher_alg A128GCM key_encryption_alg RSA1_5

Decryption

In the following example, input from in_forward plugin is decrypted by jwt-filter and then outputted by out_stdout plugin.

<source>
  @type forward
  port 24224
  bind ::1
</source>

<filter test>
  @type jwt
  method decrypt
</filter>

<match test>
  type stdout
</match>

For decryption, the following options are available.

  • jwk_file: is a file name which records private key of JSON Web Key (JWK). As already mentioned in Encryption section, JWK public and private key can be easily generated by jwk_tool (default name: key)

    @type jwt method decrypt jwk_file fluent/key