feat(security): add AES-256-GCM encryption for sensitive data storage with backward compatibility#547
Open
hawk9821 wants to merge 1 commit into
Open
feat(security): add AES-256-GCM encryption for sensitive data storage with backward compatibility#547hawk9821 wants to merge 1 commit into
hawk9821 wants to merge 1 commit into
Conversation
… with backward compatibility
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Describe what this PR does / why we need it
This PR adds AES-256-GCM encryption for sensitive data storage (datasource passwords, API keys, proxy passwords) to eliminate plaintext credential storage security risk.
The system currently stores sensitive information in plaintext in the database, which poses a security risk if the database is compromised. This PR introduces a transparent encryption layer that:
Does this pull request fix one issue?
NONE
Describe how you did it
CryptoUtil: New utility class implementing AES-256-GCM encryption with:
encrypt()/decrypt()for standard operationsdecryptOrReturn()for transparent backward compatibility (auto-detects encrypted vs plaintext)isEncrypted()heuristic check using Base64 + GCM structure validationmain()method for CLI key generationEncryptionProperties: Spring
@ConfigurationPropertiesclass bindingspring.ai.alibaba.data-agent.encrypt-keyfrom environment variableDATA_AGENT_ENCRYPT_KEYService Layer Integration:
DatasourceServiceImpl: encryptspassword/connectionUrlon create/update, decrypts on readModelConfigDataServiceImpl: encryptsapiKey/proxyPasswordon add/update, decrypts on readBackward Compatibility: Uses
decryptOrReturn()which:Describe how to verify it
Unit Tests:
All 70 tests pass, including 27 CryptoUtil tests covering encryption, decryption, backward compatibility, and edge cases.
Manual Verification:
DATA_AGENT_ENCRYPT_KEY→ system works as before (plaintext)DATA_AGENT_ENCRYPT_KEYand create datasource → verify password is encrypted in databaseKey Generation:
Special notes for reviews
encrypt-keyis not configured, encryption is completely disabled and behavior is identical to before.datasource.password,datasource.connection_url,model_config.api_key,model_config.proxy_password