CREATE ENCRYPT RULE 语法用于创建数据加密规则。
CreateEncryptRule ::=
'CREATE' 'ENCRYPT' 'RULE' ifNotExists? encryptDefinition (',' encryptDefinition)*
ifNotExists ::=
'IF' 'NOT' 'EXISTS'
encryptDefinition ::=
ruleName '(' 'COLUMNS' '(' columnDefinition (',' columnDefinition)* ')' ')'
columnDefinition ::=
'(' 'NAME' '=' columnName ',' 'CIPHER' '=' cipherColumnName (',' 'ASSISTED_QUERY' '=' assistedQueryColumnName)? (',' 'LIKE_QUERY' '=' likeQueryColumnName)? ',' encryptAlgorithmDefinition (',' assistedQueryAlgorithmDefinition)? (',' likeQueryAlgorithmDefinition)? ')'
encryptAlgorithmDefinition ::=
'ENCRYPT_ALGORITHM' '(' 'TYPE' '(' 'NAME' '=' encryptAlgorithmType (',' propertiesDefinition)? ')'
assistedQueryAlgorithmDefinition ::=
'ASSISTED_QUERY_ALGORITHM' '(' 'TYPE' '(' 'NAME' '=' encryptAlgorithmType (',' propertiesDefinition)? ')'
likeQueryAlgorithmDefinition ::=
'LIKE_QUERY_ALGORITHM' '(' 'TYPE' '(' 'NAME' '=' encryptAlgorithmType (',' propertiesDefinition)? ')'
propertiesDefinition ::=
'PROPERTIES' '(' key '=' value (',' key '=' value)* ')'
tableName ::=
identifier
columnName ::=
identifier
cipherColumnName ::=
identifier
assistedQueryColumnName ::=
identifier
likeQueryColumnName ::=
identifier
encryptAlgorithmType ::=
string
key ::=
string
value ::=
literal
CIPHER 指定密文数据列,ASSISTED_QUERY 指定辅助查询列,LIKE_QUERY 指定模糊查询列;encryptAlgorithmType 指定加密算法类型,请参考 加密算法;ruleName 将无法被创建;ifNotExists 子句用于避免出现 Duplicate encrypt rule 错误。CREATE ENCRYPT RULE t_encrypt (
COLUMNS(
(NAME=user_id,CIPHER=user_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
(NAME=order_id, CIPHER =order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))))
)),
t_encrypt_2 (
COLUMNS(
(NAME=user_id,CIPHER=user_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
(NAME=order_id, CIPHER=order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc'))))
));
ifNotExists 子句创建数据加密规则CREATE ENCRYPT RULE IF NOT EXISTS t_encrypt (
COLUMNS(
(NAME=user_id,CIPHER=user_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
(NAME=order_id, CIPHER =order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc'))))
)),
t_encrypt_2 (
COLUMNS(
(NAME=user_id,CIPHER=user_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc')))),
(NAME=order_id, CIPHER=order_cipher,ENCRYPT_ALGORITHM(TYPE(NAME='AES',PROPERTIES('aes-key-value'='123456abc'))))
));
CREATE、ENCRYPT、RULE、COLUMNS、NAME、CIPHER、ASSISTED_QUERY、LIKE_QUERY、ENCRYPT_ALGORITHM、ASSISTED_QUERY_ALGORITHM、LIKE_QUERY_ALGORITHM、TYPE、TRUE、FALSE