## Background

Currently, `key_encrypt_salt` cannot be changed once users have used it to encrypt a private key; otherwise Apache APISIX can no longer decrypt the private key correctly. This becomes a pain point if the salt leaks, because there is no way to rotate it.

## Goals

As a user, I can configure multiple `key_encrypt_salt` values for Apache APISIX, and Apache APISIX will use them in turn to decrypt private keys.

## Detailed Design

Change `key_encrypt_salt` in `config-default.yaml` to an array:

```yaml
key_encrypt_salt: # If not set, will save origin ssl key into etcd.
  - edd1c9f0985e76a2
  - dbacdeffa234sf1d
```

Only the first key is used to encrypt:

```lua
-- Only the first key is used to encrypt
local keys = get_keys_from_yaml_config()
local key
if type(keys) == "string" then
    key = keys
else
    key = keys[1]
end
encrypt(key)
```

Decrypt in the order of the array: if decryption with one key fails, the next key is tried, from front to back:

```lua
-- Decrypt in array order, trying the next key whenever the previous one fails
local keys = get_keys_from_yaml_config()
if type(keys) == "string" then
    decrypt(keys)
else
    for _, key in ipairs(keys) do
        if decrypt(key) then
            break
        end
    end
end
```

Old config files will not be modified, so the implementation must remain compatible with the case where `key_encrypt_salt` is a single string rather than an array.
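The following is an added, stand-alone example (not APISIX code) that works through the rotation logic described above: the configured value is normalised so both the old string form and the new array form are accepted, only the first salt is used to encrypt, and decryption tries every salt front to back. APISIX itself encrypts SSL private keys with AES via `resty.aes`, which only exists inside OpenResty, so `toy_encrypt`/`toy_decrypt` here are a constructed stand-in whose only job is to return `nil` when the wrong salt is used. The function names, the key material and the assumption that a rotation places the new salt first in the array are all this example's own, not the proposal's.

```lua
-- Added example: key_encrypt_salt rotation logic. Not APISIX code.

-- Portable bitwise XOR for Lua 5.1 / LuaJIT / 5.3 (no bit operators needed).
local function bxor(a, b)
  local r, p = 0, 1
  while a > 0 or b > 0 do
    local abit, bbit = a % 2, b % 2
    if abit ~= bbit then r = r + p end
    a, b, p = math.floor((a - abit) / 2), math.floor((b - bbit) / 2), p * 2
  end
  return r
end

-- Keyed 16-bit checksum over salt .. data. A toy, not a MAC: it only lets the
-- stand-in cipher notice that a different salt was used.
local function checksum(salt, data)
  local s, all = 0, salt .. data
  for i = 1, #all do s = (s * 31 + all:byte(i)) % 65536 end
  return s
end

local function to_hex(s)
  local out = {}
  for i = 1, #s do out[i] = string.format("%02x", s:byte(i)) end
  return table.concat(out)
end

local function from_hex(h)
  if #h % 2 ~= 0 or h:find("[^%x]") then return nil end
  return (h:gsub("%x%x", function(cc) return string.char(tonumber(cc, 16)) end))
end

-- Repeating-key XOR; encryption and decryption are the same operation.
local function xor_stream(salt, data)
  local out = {}
  for i = 1, #data do
    out[i] = string.char(bxor(data:byte(i), salt:byte((i - 1) % #salt + 1)))
  end
  return table.concat(out)
end

-- Constructed stand-in for the resty.aes call APISIX uses.
-- Output: 4 hex chars of keyed checksum, then the XORed bytes as hex.
local function toy_encrypt(salt, plaintext)
  return string.format("%04x", checksum(salt, plaintext)) .. to_hex(xor_stream(salt, plaintext))
end

-- Returns the plaintext, or nil when the salt does not match (checksum mismatch).
local function toy_decrypt(salt, ciphertext)
  if #ciphertext < 4 then return nil end
  local tag, body = ciphertext:sub(1, 4), from_hex(ciphertext:sub(5))
  if not body then return nil end
  local plaintext = xor_stream(salt, body)
  if string.format("%04x", checksum(salt, plaintext)) ~= tag then return nil end
  return plaintext
end

-- Backward compatibility: the pre-rotation config is a single string, the new
-- config is an array; both become an array so the rest of the code has one path.
local function normalize_salts(cfg)
  if cfg == nil then return {} end
  if type(cfg) == "string" then return { cfg } end
  return cfg
end

-- Only the first salt ever encrypts; later entries exist purely for decryption.
local function encrypt_key(cfg, private_key)
  local salts = normalize_salts(cfg)
  if #salts == 0 then return private_key end -- "If not set, will save origin ssl key into etcd."
  return toy_encrypt(salts[1], private_key)
end

-- Try every configured salt front to back. Also returns the 1-based index of the
-- salt that worked, so an operator can tell which stored keys still use an old salt.
local function decrypt_key(cfg, ciphertext)
  local salts = normalize_salts(cfg)
  if #salts == 0 then return ciphertext end
  for i, salt in ipairs(salts) do
    local plaintext = toy_decrypt(salt, ciphertext)
    if plaintext then return plaintext, i end
  end
  return nil, "no configured key_encrypt_salt could decrypt the private key"
end

-- Constructed demo: a key encrypted under the old (string-form) salt stays readable
-- after rotation, when the new salt is placed first and the old one kept second.
local old_cfg = "dbacdeffa234sf1d"                         -- pre-rotation config
local new_cfg = { "edd1c9f0985e76a2", "dbacdeffa234sf1d" } -- post-rotation config
local private_key = "-----BEGIN PRIVATE KEY----- (constructed placeholder)"
local stored = encrypt_key(old_cfg, private_key)
local plain, idx = decrypt_key(new_cfg, stored)
assert(plain == private_key and idx == 2)                  -- decrypted by the old salt
assert(decrypt_key({ "0000000000000000" }, stored) == nil) -- unknown salt: fails cleanly
print("decrypted with key_encrypt_salt #" .. idx .. " of " .. #new_cfg)
```

Two points the stand-in makes visible. First, the loop only works if the real decrypt call reliably signals failure: AES-CBC with a wrong key usually fails the PKCS#7 padding check, but not always, so production code should verify the decrypted PEM (or use an authenticated mode) before accepting it rather than trusting a non-nil return. Second, returning the index of the matching salt is what makes a rotation finishable: keys still decrypting under index 2 or later are the ones that need re-encryption before the leaked salt can finally be removed from the array.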