Class: Fluent::EncryptFilter

Inherits:

Filter

Object
Filter
Fluent::EncryptFilter

show all

Defined in:: lib/fluent/plugin/filter_encrypt.rb

Constant Summary collapse

SUPPORTED_ALGORITHMS =

{
  aes_256_cbc: { name: "AES-256-CBC", use_iv: true },
  aes_192_cbc: { name: "AES-192-CBC", use_iv: true },
  aes_128_cbc: { name: "AES-128-CBC", use_iv: true },
  aes_256_ecb: { name: "AES-256-ECB", use_iv: false },
  aes_192_ecb: { name: "AES-192-ECB", use_iv: false },
  aes_128_ecb: { name: "AES-128-ECB", use_iv: false },
}

Instance Attribute Summary collapse

#target_keys ⇒ Object readonly

Returns the value of attribute target_keys.

Instance Method Summary collapse

Instance Attribute Details

#target_keys ⇒ `Object` (readonly)

Returns the value of attribute target_keys.



25
26
27

# File 'lib/fluent/plugin/filter_encrypt.rb', line 25

def target_keys
  @target_keys
end

Instance Method Details

#configure(conf) ⇒ `Object`

# File 'lib/fluent/plugin/filter_encrypt.rb', line 27

def configure(conf)
  super

  @target_keys = @keys + [@key]
  if @target_keys.empty?
    raise Fluent::ConfigError, "no keys specified to be encrypted"
  end

  algorithm = SUPPORTED_ALGORITHMS[@algorithm]
  if algorithm[:use_iv] && !@encrypt_iv_hex
    raise Fluent::ConfigError, "Encryption algorithm #{@algorithm} requires 'encrypt_iv_hex'"
  end

  @enc_key = Base64.decode64(@encrypt_key_hex)
  @enc_iv = if @encrypt_iv_hex
              Base64.decode64(@encrypt_iv_hex)
            else
              nil
            end
  @enc_generator = ->(){
    enc = OpenSSL::Cipher.new(algorithm[:name])
    enc.encrypt
    enc.key = @enc_key
    enc.iv  = @enc_iv if @enc_iv
    enc
  }
end

#encrypt(value) ⇒ `Object`

# File 'lib/fluent/plugin/filter_encrypt.rb', line 69

def encrypt(value)
  encrypted = ""
  enc = @enc_generator.call()
  encrypted << enc.update(value)
  encrypted << enc.final
  Base64.encode64(encrypted)
end

#filter_stream(tag, es) ⇒ `Object`

# File 'lib/fluent/plugin/filter_encrypt.rb', line 55

def filter_stream(tag, es)
  new_es = MultiEventStream.new
  es.each do |time, record|
    r = record.dup
    record.each_pair do |key, value|
      if @target_keys.include?(key)
        r[key] = encrypt(value)
      end
    end
    new_es.add(time, r)
  end
  new_es
end

Class: Fluent::EncryptFilter

Constant Summary collapse

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#target_keys ⇒ Object (readonly)

Instance Method Details

#configure(conf) ⇒ Object

#encrypt(value) ⇒ Object

#filter_stream(tag, es) ⇒ Object

#target_keys ⇒ `Object` (readonly)

#configure(conf) ⇒ `Object`

#encrypt(value) ⇒ `Object`

#filter_stream(tag, es) ⇒ `Object`