数据加密 YAML 配置方式具有非凡的可读性,通过 YAML 格式,能够快速地理解加密规则之间的依赖关系,ShardingSphere 会根据 YAML 配置,自动完成 ShardingSphereDataSource 对象的创建,减少用户不必要的编码工作。
rules:
- !ENCRYPT
tables:
<table_name> (+): # 加密表名称
columns:
<column_name> (+): # 加密列名称
cipher:
name: # 密文列名称
encryptorName: # 密文列加密算法名称
assistedQuery (?):
name: # 查询辅助列名称
encryptorName: # 查询辅助列加密算法名称
likeQuery (?):
name: # 模糊查询列名称
encryptorName: # 模糊查询列加密算法名称
# 加密算法配置
encryptors:
<encrypt_algorithm_name> (+): # 加解密算法名称
type: # 加解密算法类型
props: # 加解密算法属性配置
# ...
算法类型的详情,请参见内置加密算法列表。
数据加密 YAML 配置如下:
dataSources:
unique_ds:
dataSourceClassName: com.zaxxer.hikari.HikariDataSource
driverClassName: com.mysql.jdbc.Driver
jdbcUrl: jdbc:mysql://localhost:3306/demo_ds?serverTimezone=UTC&useSSL=false&useUnicode=true&characterEncoding=UTF-8
username: root
password:
rules:
- !ENCRYPT
tables:
t_user:
columns:
username:
cipher:
name: username
encryptorName: aes_encryptor
assistedQuery:
name: assisted_query_username
encryptorName: assisted_encryptor
likeQuery:
name: like_query_username
encryptorName: like_encryptor
pwd:
cipher:
name: pwd
encryptorName: aes_encryptor
assistedQuery:
name: assisted_query_pwd
encryptorName: assisted_encryptor
encryptors:
aes_encryptor:
type: AES
props:
aes-key-value: 123456abc
digest-algorithm-name: SHA-1
assisted_encryptor:
type: MD5
like_encryptor:
type: CHAR_DIGEST_LIKE
然后通过 YamlShardingSphereDataSourceFactory 的 createDataSource 方法创建数据源。
YamlShardingSphereDataSourceFactory.createDataSource(getFile());