应用场景
datax任务是json配置的,涉及到数据库连接的密码也是明文存储的,严格来说存在账户密码泄露的风险,因此本文主要讲解如何对密码进行加密
datax本身的支持
datax本身实际上支持对json中某个key的value加密,但是官方并没有详细的文档,毕竟开源让你免费用就不错了,功夫不负有心人,通过对源码部分的阅读找到了如何使用加密的方式,本文将按照步骤讲解。
详细步骤
1. 下载源码找到com.alibaba.datax.core.util.SecretUtil 中的initKey()函数,用于获取公钥和私钥
请自己找到这个函数,并自己调用,将获取到的公钥和私钥保存下来
2.配置公钥和私钥
vim $DATAX_HOME/conf/.secret.properties
```shell
#ds basicAuth config
auth.user=
auth.pass=
# Key version label; the job JSON's job.setting.keyVersion must carry the same value.
current.keyVersion=v1
# Public key (Base64), used to encrypt passwords before they are placed in the job JSON.
# NOTE(review): this sample value decodes to a 1024-bit RSA key, which is below the
# 2048-bit minimum generally recommended today - confirm what key size initKey() can produce.
current.publicKey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAdNyOSpqao0mRQFGsB2qYBq08ctgOHQE4KkTyVBQpjrfdn4aV6/oTvy6s7SONaRPhtjDaNPdUv4idPnyHD5lN0pbYR1z429TnUkdXiyYYG3LzLR6qaVT2+Dty8MVdMzhfNadDh9jayntJq84tOCFw9wh6chF7k7cYWssxuF+bmwIDAQAB
# Private key (Base64). Anyone who can read this file can decrypt every encrypted
# value, so restrict the file to the account that runs DataX (e.g. chmod 600) and
# keep it out of version control.
# NOTE(review): presumably DataX loads this key to decrypt "*"-prefixed values at run time - confirm.
current.privateKey=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
# Left empty in this example; their purpose is not shown here.
current.service.username=
current.service.password=
```
3. 利用公钥运行下面的代码,对密码进行加密
import base64
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
from Crypto import Random
# Text encoding used when converting between str and bytes.
ENCODING = "utf-8"
# Algorithm name; not referenced by the rest of the visible code.
KEY_ALGORITHM_RSA = "RSA"
def encrypt_rsa(data: str, public_key_str: str) -> str:
    """Encrypt a string with an RSA public key using PKCS#1 v1.5 padding.

    NOTE(review): PKCS#1 v1.5 is presumably chosen to match the padding
    DataX uses when it decrypts the value - confirm before switching to
    another scheme such as OAEP.

    :param data: plaintext string to encrypt
    :param public_key_str: Base64-encoded public key
    :return: Base64-encoded ciphertext
    :raises Exception: any failure (invalid Base64, unparsable key,
        encryption error) is re-raised as a generic Exception with the
        original error chained as its cause
    """
    try:
        # Base64 text -> raw key bytes -> key object -> cipher.
        raw_key = base64.b64decode(public_key_str)
        encryptor = PKCS1_v1_5.new(RSA.import_key(raw_key))
        ciphertext = encryptor.encrypt(data.encode(ENCODING))
        # Return the ciphertext as Base64 text so it can be stored as a string.
        return base64.b64encode(ciphertext).decode(ENCODING)
    except Exception as e:
        raise Exception("RSA加密出错") from e
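# Usage example
if __name__ == "__main__":
    # Local import: only the interactive example needs it.
    import getpass

    # Sample public key from the article; replace it with the public key
    # you generated yourself.
    public_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAdNyOSpqao0mRQFGsB2qYBq08ctgOHQE4KkTyVBQpjrfdn4aV6/oTvy6s7SONaRPhtjDaNPdUv4idPnyHD5lN0pbYR1z429TnUkdXiyYYG3LzLR6qaVT2+Dty8MVdMzhfNadDh9jayntJq84tOCFw9wh6chF7k7cYWssxuF+bmwIDAQAB"
    # Read the plaintext at a prompt instead of hard-coding it, so the
    # database password is never saved in this script or echoed on screen.
    data_to_encrypt = getpass.getpass("请输入要加密的密码: ")
    try:
        encrypted = encrypt_rsa(data_to_encrypt, public_key)
        print(f"加密结果: {encrypted}")
    except Exception as e:
        print(f"加密失败: {str(e)}")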
4. 按要求配置json任务文件
- 要求一:要求被加密的key以*开头
- 要求二:将第三步加密后的密码放在以下*password中
- 要求三:setting中的keyVersion和.secret.properties中的current.keyVersion保持一致
{
"job": {
"setting": {
"speed": {
"channel": 2
},
"errorLimit": {
"record": 0,
"percentage": 0
},
"keyVersion":"v1"
},
"content": [
{
"reader": {
"name": "mysqlreader",
"parameter": {
"username": "数据库用户名",
"*password": "此处就是第三步中对明文密码进行加密后的密文密码",
"column": [
"列1",
"列2"
],
"splitPk": "",
"where": "",
"connection": [
{
"table": [
"表名"
],
"jdbcUrl": [
"jdbc:mysql://ip:3306/库名?serverTimezone=Asia/Shanghai"
]
}
]
}
},
"writer": {
"name": "streamwriter",
"parameter": {
"print": true,
"encoding": "UTF-8"
}
}
}
]
}
}
~