Jzjsnow commented on code in PR #3468: URL: https://github.com/apache/amoro/pull/3468#discussion_r1997855621
########## docs/admin-guides/using-customized-encryption-method-for-configurations.md: ########## 
@@ -0,0 +1,108 @@ +--- +title: "Using Customized Encryption Method for Configurations" +url: using-customized-encryption-method +aliases: +- "admin-guides/using-customized-encryption-method" +menu: +main: +parent: Admin Guides +weight: 400 +--- +<!-- + - Licensed to the Apache Software Foundation (ASF) under one or more + - contributor license agreements. See the NOTICE file distributed with + - this work for additional information regarding copyright ownership. + - The ASF licenses this file to You under the Apache License, Version 2.0 + - (the "License"); you may not use this file except in compliance with + - the License. You may obtain a copy of the License at + - + - http://www.apache.org/licenses/LICENSE-2.0 + - + - Unless required by applicable law or agreed to in writing, software + - distributed under the License is distributed on an "AS IS" BASIS, + - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + - See the License for the specific language governing permissions and + - limitations under the License. + --> +# Using Customized Encryption Method for Configurations +To enhance security, AMS allows encrypted sensitive configuration items such as passwords. Currently, AMS only supports the built-in base64 encryption algorithm (see [Configure encrypted configuration items](../deployment/#configure-encrypted-sensitive-configuration-items) for details). If you require a stronger or customized encryption method, AMS also provides the flexibility to implement your own encryption algorithm. +## Develop the Custom Implementation +To integrate a custom encryption algorithm, you need to create a Java class that implements the `ConfigShade` interface and package it as a service. 
+### Add Maven Dependency + If using a Maven project, add the following dependency to your `pom.xml`: +```xml +<dependency> + <groupId>org.apache.amoro</groupId> + <artifactId>amoro-common</artifactId> + <version>${amoro.version}</version> + <scope>provided</scope> +</dependency> +``` + +### Implement the `ConfigShade` Interface +Create a Java class that implements the `ConfigShade` interface. This class will handle decryption for sensitive configuration values. + +```java +/** + * The interface that provides the ability to decrypt {@link + * org.apache.amoro.config.Configurations}. + */ +public interface ConfigShade { + /** + * Initializes the custom instance using the service configurations. + * + * This method can be useful when decryption requires an external file (e.g. a key file) + * defined in the service configs. + */ + default void initialize(Configurations serviceConfig) throws Exception {} + + /** + * The unique identifier of the current interface, used it to select the correct {@link + * ConfigShade}. + */ + String getIdentifier(); + + /** + * Decrypt the content. + * + * @param content The content to decrypt + */ + String decrypt(String content); +} +``` +In this interface, the method `getIdentifier()` returns the unique identifier for your encryption algorithm, which is used to configure the `ams.shade.identifier`. The `decrypt(String content)` method is used to decrypt the input ciphertext. Review Comment: Here we have stated that `getIdentifier()` returns a unique identifier for this encryption method, which I think is explicitly emphasized. In the latest commit, I bolded the “unique” here, and hinted at not sharing the same name as the existing "default" and "base64". ########## docs/admin-guides/using-customized-encryption-method-for-configurations.md: ########## 
@@ -0,0 +1,108 @@ +--- +title: "Using Customized Encryption Method for Configurations" +url: using-customized-encryption-method +aliases: +- "admin-guides/using-customized-encryption-method" +menu: +main: +parent: Admin Guides +weight: 400 +--- +<!-- + - Licensed to the Apache Software Foundation (ASF) under one or more + - contributor license agreements. See the NOTICE file distributed with + - this work for additional information regarding copyright ownership. + - The ASF licenses this file to You under the Apache License, Version 2.0 + - (the "License"); you may not use this file except in compliance with + - the License. You may obtain a copy of the License at + - + - http://www.apache.org/licenses/LICENSE-2.0 + - + - Unless required by applicable law or agreed to in writing, software + - distributed under the License is distributed on an "AS IS" BASIS, + - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + - See the License for the specific language governing permissions and + - limitations under the License. + --> +# Using Customized Encryption Method for Configurations +To enhance security, AMS allows encrypted sensitive configuration items such as passwords. Currently, AMS only supports the built-in base64 encryption algorithm (see [Configure encrypted configuration items](../deployment/#configure-encrypted-sensitive-configuration-items) for details). If you require a stronger or customized encryption method, AMS also provides the flexibility to implement your own encryption algorithm. +## Develop the Custom Implementation +To integrate a custom encryption algorithm, you need to create a Java class that implements the `ConfigShade` interface and package it as a service. 
+### Add Maven Dependency + If using a Maven project, add the following dependency to your `pom.xml`: +```xml +<dependency> + <groupId>org.apache.amoro</groupId> + <artifactId>amoro-common</artifactId> + <version>${amoro.version}</version> + <scope>provided</scope> +</dependency> +``` + +### Implement the `ConfigShade` Interface +Create a Java class that implements the `ConfigShade` interface. This class will handle decryption for sensitive configuration values. + +```java +/** + * The interface that provides the ability to decrypt {@link + * org.apache.amoro.config.Configurations}. + */ +public interface ConfigShade { + /** + * Initializes the custom instance using the service configurations. + * + * This method can be useful when decryption requires an external file (e.g. a key file) + * defined in the service configs. + */ + default void initialize(Configurations serviceConfig) throws Exception {} + + /** + * The unique identifier of the current interface, used it to select the correct {@link + * ConfigShade}. + */ + String getIdentifier(); + + /** + * Decrypt the content. + * + * @param content The content to decrypt + */ + String decrypt(String content); +} +``` +In this interface, the method `getIdentifier()` returns the unique identifier for your encryption algorithm, which is used to configure the `ams.shade.identifier`. The `decrypt(String content)` method is used to decrypt the input ciphertext. + +### Register the Custom Implementation +Create a file named `org.apache.amoro.config.shade.ConfigShade` under `resources/META-INF/services/` and add the fully qualified class name of your implementation: +```j +com.example.shade.Base64ConfigShade +``` Review Comment: Sure, in the section "Implement the `ConfigShade` Interface", we now add the example implementation class `com.example.shade.Base64CustomConfigShade` -- This is an automated message from the Apache Git Service. 
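Review bot: In the introduction of the first quoted hunk, "the built-in base64 encryption algorithm" presents base64 as encryption, but base64 is a keyless encoding that anyone who can read the configuration file can reverse, so it does not keep the configured passwords confidential. Suggest calling it "base64 encoding" and stating that confidentiality requires a keyed `ConfigShade` implementation. Two wording fixes in the same hunk: "AMS allows encrypted sensitive configuration items such as passwords" reads better as "AMS allows sensitive configuration items such as passwords to be encrypted", and the Javadoc on `getIdentifier()` says "used it to select", which should be "used to select".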
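Review bot: Under "Register the Custom Implementation" in the second quoted hunk, the fence holding the service file entry is tagged `j`, which is not a language name; use an untagged fence or `text`. The entry `com.example.shade.Base64ConfigShade` should also carry exactly the class name of the example implementation shown in the guide, since a mismatch there means the provider is not found by the service lookup. Because the page motivates this extension point with "a stronger or customized encryption method", an example that is base64 again does not show the key handling that the `initialize(Configurations serviceConfig)` Javadoc describes (a key file defined in the service configs); consider a keyed example, and document in the `decrypt(String content)` Javadoc what an implementation should do when the content cannot be decrypted.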
