Cipher¶
概述¶
Go chassis以插件的形式提供加解密组件功能,用户可以自己定制 in real environment, you may not want anyone to touch your real SK. if anyone hack into your micro service system, then he can leverage AK SK to do anything to your cloud resource.
in other hand, by distributing encrypted SK to developer of micro services can control the security risk. developer is only able to develop services, not able to touch any cloud resources.
Configuration¶
you can use cipher in SK and passphase decryption, or specify cipher plugin for generic usage
servicecomb:
credentials:
accessKey: xxx
secretKey: xxx #ecrypted
akskCustomCipher: default #used to decrypt sk if it is encrypted
ssl:
rest.Consumer.cipherPlugin: default
rest.Consumer.certPwdFile: /path/to/passphase
...
servicecomb:
cipher:
plugin: default
...
Example¶
1.Implement and install a new cipher
//DefaultCipher is a struct
type DefaultCipher struct {
}
func new() security.Cipher {
return &DefaultCipher{}
}
//Encrypt is method used for encryption
func (c *DefaultCipher) Encrypt(src string) (string, error) {
return src, nil
}
//Decrypt is method used for decryption
func (c *DefaultCipher) Decrypt(src string) (string, error) {
return src, nil
}
cipher.InstallCipherPlugin("default", new)
加密¶
d, _ := cipher.Encrypt("ok")
解密¶
```go
d, _ := cipher.Decrypt("ok")