All Products
Search

This Product

    Simple Log Service:Extended plug-in: Field Encryption

    Document Center

    Simple Log Service:Extended plug-in: Field Encryption

    Last Updated:Apr 22, 2025

    If you use Logtail to collect logs, you can use the processor_encrypt plug-in to encrypt specific fields. This topic describes the parameters of the processor_encrypt plug-in and provides examples on how to configure the plug-in.

    Entry point

    If you want to use a Logtail plug-in to process logs, you can add a Logtail plug-in configuration when you create or modify a Logtail configuration. For more information, see Overview of Logtail plug-ins for data processing.

    Configuration description

    Form configuration

    Set the Processor Type parameter to Field Encryption. Then, configure other parameters based on the following table.

    Parameter

    Description

    Original Field

    The original field that you want to encrypt. You can add multiple fields.

    AccessKey Pair

    The key. The value is a 64-character hexadecimal string.

    Initialization Vector

    The initial vector for encryption. The value is a 32-character hexadecimal string. Default value: 00000000000000000000000000000000.

    Storage Path

    The file path that is used to read encryption parameters. If you do not configure this parameter, you can read encryption parameters based on the following instructions: Logtail Configuration > Input Configurations > File Path.

    Retain Raw Data If Processing Fails

    If you select this option and the encryption fails, the system retains the value of the original field.

    If you do not select this option and the encryption fails, the value of the original field is replaced with ENCRYPT_ERROR.

    Editor configuration in JSON

    Set the type parameter to processor_encrypt. Then, configure other parameters in the detail section based on the following table.

    Parameter

    Type

    Required

    Description

    SourceKey

    String array

    Yes

    The name of the original field.

    EncryptionParameters

    Object

    Yes

    The key-related configurations.

    Key

    String

    Yes

    The key. The value is a 64-character hexadecimal string.

    IV

    String

    No

    The initial vector for encryption. The value is a 32-character hexadecimal string. Default value: 00000000000000000000000000000000.

    KeyFilePath

    Boolean

    No

    The file path that is used to read encryption parameters. If you do not configure this parameter, you can read encryption parameters based on the following instructions: Logtail Configuration > Input Configurations > File Path.

    KeepSourceValueIfError

    String

    No

    Specifies whether to retain the value of the original field if the encryption fails. Valid values:

    • true

    • false (default)

      If the encryption fails, the value of the original field is replaced with ENCRYPT_ERROR.