nic-6443 opened a new pull request, #13624: URL: https://github.com/apache/apisix/pull/13624
### Description The Redis-based rate limiting policies of `limit-count`, `limit-req`, and `limit-conn` accept `redis_password` (and `sentinel_password` for `limit-count`), but these fields were not listed in the plugin schema's `encrypt_fields`. As a result they were stored in plaintext in etcd even when `data_encryption.enable_encrypt_fields` is on, unlike other Redis-using plugins such as `ai-cache` which already encrypts `redis_password`. This PR adds the password fields to each plugin schema's `encrypt_fields`: - `limit-count`: `redis_password`, `sentinel_password` - `limit-req`: `redis_password` - `limit-conn`: `redis_password` With `data_encryption` enabled, these fields are now encrypted at rest in etcd and transparently decrypted at runtime / on Admin API reads. ### Tests Added cases to `t/node/data_encrypt.t` that PUT a route with each plugin using `policy: redis` and a `redis_password`, then assert the Admin API returns the decrypted value while the raw etcd entry stores it encrypted. Plugin docs (en/zh) updated with the standard `encrypt_fields` note. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
