+1. APISIX should be secure by default. Thanks, Ming Wen, Apache APISIX PMC Chair Twitter: _WenMing
Abhishek Choudhary <shreemaanabhis...@apache.org>于2024年3月21日 周四20:12写道: > APISIX supports encrypting fields holding sensitive information like > `password`, `access_token` etc. > This is supported by the `enable_encrypt_fields > < > https://github.com/apache/apisix/blob/c0e3d9150f06c3140a52d145782085d26bc1ea67/conf/config-default.yaml#L121 > >` > configuration field in the config.yaml file which > is `false` by default. > > I propose that we should encrypt such sensitive fields by default by > setting `enable_encrypt_fields` > to `true` to reduce the chances of sensitive information leaks. >
