Encrypt fields - Simple Log Service - Alibaba Cloud Documentation Center

If you use Logtail to collect logs, you can use the processor_encrypt plug-in to encrypt specific fields. This topic describes the parameters of the processor_encrypt plug-in. This topic also provides examples on how to configure the plug-in.

Entry point

If you want to use a Logtail plug-in to process logs, you can add a Logtail plug-in configuration when you create or modify a Logtail configuration. For more information, see Overview of Logtail plug-ins for data processing.

Usage notes

Form configuration

Set the Processor Type parameter to Field Encryption. The following table describes the parameters.

Parameter	Description
Original Field	The original field that you want to encrypt. You can add multiple fields.
AccessKey Pair	The key. The value is a 64-character hexadecimal string.
Initialization Vector	The initial vector for encryption. The value is a 32-character hexadecimal string. Default value: `00000000000000000000000000000000`.
Storage Path	The file path for reading encryption parameters. If not configured, it follows the `Logtail configuration - input configuration - file path`.
Retain Raw Data If Processing Fails	If you select this option and the encryption fails, the system retains the value of the original field. If you do not select this option and the encryption fails, the value of the original field is replaced by `ENCRYPT_ERROR`.

Editor configuration in JSON

The following table describes the parameters that you can configure in the detail parameter if you set the type parameter to processor_encrypt.

Parameter	Type	Required	Description
SourceKey	String array	Yes	The name of the original field.
EncryptionParameters	Object	Yes	The key-related configurations.
Key	String	Yes	The key. The value is a 64-character hexadecimal string.
IV	String	No	The initial vector for encryption. The value is a 32-character hexadecimal string. Default value: `00000000000000000000000000000000`.
KeyFilePath	Boolean	No	The file path for reading encryption parameters. If not configured, it follows the `Logtail configuration - input configuration - file path`.
KeepSourceValueIfError	String	No	Specifies whether to retain the value of the original field if the encryption fails. Valid values: true: retails the value of the original field. false: does not retain the value of the original field. This is the default value. If the encryption fails, the value of the original field is replaced by `ENCRYPT_ERROR`.