shreemaan-abhishek opened a new pull request, #13612:
URL: https://github.com/apache/apisix/pull/13612

   ### Description
   
   The `elasticsearch-logger` plugin recently gained a custom `headers` field 
(#12994) that can carry secret-bearing values such as `Authorization` or 
`X-API-Key`. Until now only `auth.password` was listed in `encrypt_fields`, so 
those header secrets were stored in plaintext in etcd.
   
   This PR adds `headers` to `encrypt_fields` so every header value is 
encrypted with AES at rest, while runtime requests still send the decrypted 
values. `encrypt_fields` already supports map-of-strings fields, so each value 
under `headers` is encrypted/decrypted individually.
   
   Docs (en + zh) and a data-encryption test for `headers` are included.
   
   #### Which issue(s) this PR fixes:
   
   ### Checklist
   
   - [x] I have explained the need for this PR and the problem it solves
   - [x] I have explained the changes or the new features added to this PR
   - [x] I have added tests corresponding to this change
   - [x] I have updated the documentation to reflect this change
   - [x] I have verified that this change is backward compatible


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to