<p class="shortdesc">使用此功能时需要传入加密方式环境变量，版本要求：<strong class="ph b">PAFA-Cloud-Kong需要1.2.9版本或以上。</strong></p> <section class="section" id="SecKey__section_amy_xs5_3sb"><h2 class="doc-tairway">cyberark加密</h2> <ol class="ol" id="SecKey__ol_gtd_1t5_3sb"> <li class="li"><strong class="ph b">适用场景</strong><p class="p">① 限流插件中的Redis密码（2.x版本适用）</p><p class="p">② PACAS插件中的v_password（2.0.3版本及以上适用）</p><p class="p">密码：<strong class="ph b">CyberArk(object)</strong></p></li> <li class="li"><strong class="ph b">环境变量</strong><div class="p"> <table class="table" id="SecKey__table_qny_ct5_3sb"><caption></caption><colgroup><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="SecKey__table_qny_ct5_3sb__entry__1"><strong class="ph b">环境变量</strong></th> <th class="entry" id="SecKey__table_qny_ct5_3sb__entry__2"><strong class="ph b">值</strong></th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__1 "> <p class="p">KONG_CYBERARK_URL</p> </td> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__2 "> <p class="p">cyberark服务地址。生产</p> </td> </tr> <tr class="row"> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__1 "> <p class="p">KONG_CYBERARK_SAFE</p> </td> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__2 "> <p class="p">cyberark密码加密服务</p> </td> </tr> <tr class="row"> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__1 "> <p class="p">KONG_CYBERARK_FOLDER</p> </td> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__2 "> <p class="p"></p> </td> </tr> <tr class="row"> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__1 "> <p class="p">KONG_CYBERARK_APP_ID</p> </td> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__2 "> <p class="p"></p> </td> </tr> <tr class="row"> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__1 "> <p class="p">KONG_CYBERARK_APP_KEY</p> </td> <td class="entry" headers="SecKey__table_qny_ct5_3sb__entry__2 "> <p class="p"></p> </td> </tr> </tbody></table> </div></li> </ol> </section> <section class="section" id="SecKey__section_vcf_kt5_3sb"><h2 class="doc-tairway">aesecb加密</h2> <p class="p">此功能仅适用于自部署Postgresql模式，不适用于配置中心版的PAFA-Cloud-Kong。</p> <div class="p"> <ol class="ol" id="SecKey__ol_pdd_mt5_3sb"> <li class="li"><strong class="ph b">环境变量</strong><table class="table frame-all" id="SecKey__table_gtq_yt5_3sb"><caption><span class="table--title-label">表1 </span><span class="title"></span></caption><colgroup><col style="width:50%"><col style="width:50%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry colsep-1 rowsep-1" id="SecKey__table_gtq_yt5_3sb__entry__1">环境变量</th> <th class="entry colsep-1 rowsep-1" id="SecKey__table_gtq_yt5_3sb__entry__2">值</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="SecKey__table_gtq_yt5_3sb__entry__1 "> <p class="p">KONG_PG_PASSWORD_ALG</p> </td> <td class="entry colsep-1 rowsep-1" headers="SecKey__table_gtq_yt5_3sb__entry__2 "> <p class="p">aesecb</p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="SecKey__table_gtq_yt5_3sb__entry__1 "> <p class="p">KONG_PG_PASSWORD_ALG_AES_KEY</p> </td> <td class="entry colsep-1 rowsep-1" headers="SecKey__table_gtq_yt5_3sb__entry__2 "> <p class="p">aes加密Key（长度必须是16/24/32）</p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="SecKey__table_gtq_yt5_3sb__entry__1 "> <p class="p">KONG_PG_PASSWORD</p> </td> <td class="entry colsep-1 rowsep-1" headers="SecKey__table_gtq_yt5_3sb__entry__2 "> <p class="p">真实密码需要先AES/ECB/PKCS5Padding加密，然后再base64编码</p> </td> </tr> </tbody></table></li> <li class="li"><strong class="ph b">docker运行命令示例</strong><div class="p"> <pre class="pre codeblock" id="SecKey__codeblock_afy_255_3sb"><code>docker run -e KONG_PG_HOST=127.0.0.1 -e KONG_PG_PORT=5432 \ -e KONG_PG_DATABASE=kong -e KONG_PG_USER=postgres \ -e KONG_PG_PASSWORD_ALG=aesecb \ -e KONG_PG_PASSWORD_ALG_AES_KEY=a1886a24183d1afe \ -e KONG_PG_PASSWORD=****** \ pafa-cloud-kong:1.2.9</code></pre> </div></li> <li class="li"><strong class="ph b">AESECB加密的java示例</strong><div class="p"> <pre class="pre codeblock" id="SecKey__codeblock_btw_g55_3sb"><code> /** * AES加密 * @param content 待加密的内容 * @param encryptKey 加密密钥 * @return 加密后的byte[] * @throws Exception */ public static byte[] aesEncryptToBytes(String content, String encryptKey) throws Exception { KeyGenerator kgen = KeyGenerator.getInstance("AES"); kgen.init(128, new SecureRandom(encryptKey.getBytes())); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes("UTF-8"), "AES")); return cipher.doFinal(content.getBytes("utf-8")); } /** * AES加密为base 64 code * @param content 待加密的内容 * @param encryptKey 加密密钥 * @return 加密后的base 64 code * @throws Exception</code></pre> </div></li> </ol> </div> </section>