shreemaan-abhishek opened a new pull request, #13612: URL: https://github.com/apache/apisix/pull/13612
### Description The `elasticsearch-logger` plugin recently gained a custom `headers` field (#12994) that can carry secret-bearing values such as `Authorization` or `X-API-Key`. Until now only `auth.password` was listed in `encrypt_fields`, so those header secrets were stored in plaintext in etcd. This PR adds `headers` to `encrypt_fields` so every header value is encrypted with AES at rest, while runtime requests still send the decrypted values. `encrypt_fields` already supports map-of-strings fields, so each value under `headers` is encrypted/decrypted individually. Docs (en + zh) and a data-encryption test for `headers` are included. #### Which issue(s) this PR fixes: ### Checklist - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [x] I have added tests corresponding to this change - [x] I have updated the documentation to reflect this change - [x] I have verified that this change is backward compatible -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
