Encrypt fields - Simple Log Service - Alibaba Cloud Documentation Center

If you use Logtail to collect logs, you can use the processor_encrypt plug-in to encrypt specific fields. This topic describes the parameters of the processor_encrypt plug-in. This topic also provides examples on how to configure the plug-in.

Important You can use form configuration to add Logtail plug-ins only if you select Kubernetes - Standard Output in the Import Data section.

Entry point

If you want to use a Logtail plug-in to process logs, you can add a Logtail plug-in configuration when you create or modify a Logtail configuration. For more information, see Entry point.

Usage notes

Form configuration

Set the Processor Type parameter to Field Encryption. The following table describes the parameters.


Parameter	Description
Original Field	The original field that you want to encrypt. You can add multiple fields.
AccessKey Pair	The key. The value is a 64-character hexadecimal string.
Initialization Vector	The initial vector for encryption. The value is a 32-character hexadecimal string. Default value: `00000000000000000000000000000000`.
Storage Path	The path of the file that is used to store encryption parameters.
Retain Raw Data If Processing Fails	If you select this option and the encryption fails, the system retains the value of the original field. If you do not select this option and the encryption fails, the value of the original field is replaced by `ENCRYPT_ERROR`.

Editor configuration in JSON

The following table describes the parameters that you can configure in the detail parameter if you set the type parameter to processor_encrypt.


Parameter	Type	Required	Description
SourceKey	String array	Yes	The name of the original field.
EncryptionParameters	Object	Yes	The key-related configurations.
Key	String	Yes	The key. The value is a 64-character hexadecimal string.
IV	String	No	The initial vector for encryption. The value is a 32-character hexadecimal string. Default value: `00000000000000000000000000000000`.
KeyFilePath	Boolean	No	The path of the file that is used to store encryption parameters.
KeepSourceValueIfError	String	No	Specifies whether to retain the value of the original field if the encryption fails. Valid values: true: retails the value of the original field. false: does not retain the value of the original field. This is the default value. If the encryption fails, the value of the original field is replaced by `ENCRYPT_ERROR`.