When you collect logs with Logtail, you can use the processor_encrypt plugin to encrypt specific fields. This topic describes the parameters of the processor_encrypt plugin and provides configuration examples.
Entry point
To use a Logtail plugin to process logs, you can add a plugin configuration when you create or modify a Logtail collection configuration. For more information, see Overview of Logtail plugins for data processing.
Configuration description
Form-based configuration
You can set Processor Type to Field Encryption. The following table describes the parameters.
Parameter | Description |
Original Fields | The original fields to encrypt. You can add multiple fields. |
Key | The encryption key. The key must be a 64-character hexadecimal string. |
Initialization Vector | The initialization vector (IV) for encryption. The IV must be a 32-character hexadecimal string. Default value: |
File Path | The file path from which to read the encryption parameters. If this parameter is not configured, the system reads the parameters from the path specified in Logtail Configuration > Input > File Path. |
Retain Original Data On Failure | If you select this option, the system retains the original field value if encryption fails. If you do not select this option, the field value is replaced with |
JSON configuration
You can set type to processor_encrypt. The following table describes the parameters in the detail field.
Parameter | Type | Required | Description |
SourceKey | String array | Yes | The names of the original fields. |
EncryptionParameters | Object | Yes | The configurations for the encryption key. |
Key | String | Yes | The encryption key. The key must be a 64-character hexadecimal string. |
IV | String | No | The initialization vector (IV) for encryption. The IV must be a 32-character hexadecimal string. Default value: |
KeyFilePath | Boolean | No | The file path from which to read the encryption parameters. If this parameter is not configured, the system reads the parameters from the path specified in Logtail Configuration > Input > File Path. |
KeepSourceValueIfError | String | No | Specifies whether to retain the original field value if encryption fails.
|
References
Configure a Logtail pipeline using API operations:
GetLogtailPipelineConfig - Get a Logtail pipeline configuration
ListLogtailPipelineConfig - List Logtail pipeline configurations
CreateLogtailPipelineConfig - Create a Logtail pipeline configuration
DeleteLogtailPipelineConfig - Delete a Logtail pipeline configuration
UpdateLogtailPipelineConfig - Update a Logtail pipeline configuration
Configure a processor plugin in the console:
Collect container logs from a Kubernetes cluster using a CRD (stdout/file)