feature: 启用开发框架内置数据加密

TencentBlueKing · Sep 5, 2023 · 4f77fd0 · 4f77fd0
1 parent 3f51587
commit 4f77fd0
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/config/default.py b/config/default.py
@@ -804,8 +804,17 @@ def check_engine_admin_permission(request, *args, **kwargs):
             },
         },
     },
+    "SYMMETRIC_CIPHERS": {
+        "default": {"get_key_config": "gcloud.utils.crypto.get_default_symmetric_key_config"},
+    },
 }
 
+# 启用框架内置数据加密
+BLUEAPPS_ENABLE_DB_ENCRYPTION = True
+# 复用已有的 default 对称加密实例
+BKCRYPTO["SYMMETRIC_CIPHERS"]["blueapps"] = BKCRYPTO["SYMMETRIC_CIPHERS"]["default"]
+
+
 # 加密
 if env.BKPAAS_BK_CRYPTO_TYPE == "SHANGMI":
     BKCRYPTO_ASYMMETRIC_CIPHER_TYPE = bkcrypto_constants.AsymmetricCipherType.SM2.value

diff --git a/gcloud/utils/crypto.py b/gcloud/utils/crypto.py
@@ -18,6 +18,7 @@
 from bkcrypto.constants import AsymmetricCipherType
 from bkcrypto.contrib.django.ciphers import asymmetric_cipher_manager
 from bkcrypto.contrib.django.selectors import AsymmetricCipherSelector
+from bkcrypto.symmetric.configs import KeyConfig as SymmetricKeyConfig
 from django.conf import settings
 
 
@@ -42,6 +43,16 @@ def get_default_asymmetric_key_config(cipher_type: str) -> AsymmetricKeyConfig:
     )
 
 
+def get_default_symmetric_key_config(cipher_type: str) -> SymmetricKeyConfig:
+    """
+    获取项目默认对称加密配置
+    :param cipher_type:
+    :return:
+    """
+    # 统一使用 APP_SECRET 作为对称加密密钥，SDK 会截断，取符合预期的 key length
+    return SymmetricKeyConfig(key=settings.SECRET_KEY)
+
+
 def decrypt(ciphertext: str, using: typing.Optional[str] = None) -> str:
     using = using or "default"
     # 1. 尝试根据前缀解密

diff --git a/requirements.txt b/requirements.txt
@@ -62,7 +62,7 @@ importlib-metadata==3.7.3
 protobuf==3.19.4
 
 # blueapps
-blueapps[opentelemetry]==4.7.0
+blueapps[opentelemetry, bkcrypto]==4.8.0
 whitenoise==5.2.0
 raven==6.5.0
 python-json-logger==2.0.1