The YAML configuration approach to data encryption is highly readable, with the YAML format enabling a quick understanding of dependencies between encryption rules. Based on the YAML configuration, ShardingSphere automatically completes the creation of ShardingSphereDataSource objects, reducing unnecessary coding efforts for users.
rules:
- !ENCRYPT
tables:
<table-name> (+): # Encrypt table name
columns:
<column-name> (+): # Encrypt logic column name
cipherColumn: # Cipher column name
assistedQueryColumn (?): # Assisted query column name
encryptorName: # Encrypt algorithm name
queryWithCipherColumn(?): # The current table whether query with cipher column for data encrypt.
# Encrypt algorithm configuration
encryptors:
<encrypt-algorithm-name> (+): # Encrypt algorithm name
type: # Encrypt algorithm type
props: # Encrypt algorithm properties
# ...
queryWithCipherColumn: # Whether query with cipher column for data encrypt. User you can use plaintext to query if have
Please refer to Built-in Encrypt Algorithm List for more details about type of algorithm.
The data encryption YAML configurations are as follows:
dataSources:
unique_ds:
dataSourceClassName: com.zaxxer.hikari.HikariDataSource
driverClassName: com.mysql.jdbc.Driver
jdbcUrl: jdbc:mysql://localhost:3306/demo_ds?serverTimezone=UTC&useSSL=false&useUnicode=true&characterEncoding=UTF-8
username: root
password:
rules:
- !ENCRYPT
tables:
t_user:
columns:
username:
cipherColumn: username
encryptorName: name-encryptor
pwd:
cipherColumn: pwd
assistedQueryColumn: assisted_query_pwd
encryptorName: pwd_encryptor
encryptors:
name-encryptor:
type: AES
props:
aes-key-value: 123456abc
pwd_encryptor:
type: assistedTest
Read the YAML configuration to create a data source according to the createDataSource method of YamlShardingSphereDataSourceFactory.
YamlShardingSphereDataSourceFactory.createDataSource(getFile());