ddConfig Encryption and Referencing

Bikram Chatterjee edited this page Oct 23, 2017 · 1 revision

ddConfig-based encryption/decryption and referencing of other configurations.

Encryption/Decryption Usage (pseudo function enc())

[Figures: encrypt target, encrypt step, encrypt result]

Encrypted values are decrypted internally and returned directly to the calling Erlang functions. {enc,0} is version 0 encryption (RC4 encryption using the Erlang cluster cookie). It will be possible to introduce stronger encryption in the future and to support, maintain and auto-migrate multiple encryption versions in a backward-compatible way.

The implementation is transparent and compatible with all existing projects (using imem) without any code change.

[Figure: encrypted values]

These values can be accessed from Erlang code as follows:

> imem_config:get_config_hlk(ddConfig, {app,mod,secret1}, owner, [node()], default, "").
"some secret"
> imem_config:get_config_hlk(ddConfig, {app,mod,secret2}, owner, [node()], default, "").
{2,"some secret2"}
> imem_config:get_config_hlk(ddConfig, {app,mod,secret3}, owner, [node()], default, "").
#{k => {<<"key">>,"some secret2"}}

Referencing Usage

Using referencing, these configs can be referenced directly or inside a composed Erlang structure, as in the following example:

[Figure: referenced values]

They are still accessed from Erlang code transparently, using the same API:

> imem_config:get_config_hlk(ddConfig, {app,mod,ref}, owner, [node()], default, "").
"some secret"
> imem_config:get_config_hlk(ddConfig, {app,mod,ref1}, owner, [node()], default, "").
{"some secret",{2,"some secret2"}}
> imem_config:get_config_hlk(ddConfig, {app,mod,ref2}, owner, [node()], default, "").
#{secret1 => "some secret",
  secret2 => {2,"some secret2"},
  secret3 => #{k => {<<"key">>,"some secret2"}}}

Reference chaining is also possible:

[Figure: chained referenced values]

> imem_config:get_config_hlk(ddConfig, {app,mod,ref3}, owner, [node()], default, "").
["some secret",
 {"some secret",{2,"some secret2"}},
 #{secret1 => "some secret",
   secret2 => {2,"some secret2"},
   secret3 => #{k => {<<"key">>,"some secret2"}}}]

Referencing with Encryption

Encrypted Reference:

{"hkl": "[{app,mod,ref4}]",
  "val": "[<<\"+FJALDo4UXcPxWDQID/TuaxU0KJP5GyIrfOp6IMAvrOmKls+hJZ+aeXjCPgL94f0xcNTNLE/OCyzKK2FBRkOXi9lejSV1J2qxIm+KK02ycj/zRgNpg1Q+gao2Z+BSBYt4XwDr6ZKXipECpKMKJ5UCBUmG9+XuhWj1lE+E13KWnBHhtTgz2SSrTTjjQs+\">>|{enc,0}]",
  "owner": "mod",
  "remark": "encrypted reference to #{ref1 => [[{app,mod,ref1}]|ref],ref2 => [[{app,mod,ref2}]|ref],ref3 => [[{app,mod,ref3}]|ref]}"},
> imem_config:get_config_hlk(ddConfig, {app,mod,ref4}, owner, [node()], default, "").
#{ref1 => {"some secret",{2,"some secret2"}},
  ref2 => #{secret1 => "some secret",
    secret2 => {2,"some secret2"},
    secret3 => #{k => {<<"key">>,"some secret2"}}},
  ref3 => ["some secret",
   {"some secret",{2,"some secret2"}},
   #{secret1 => "some secret",
     secret2 => {2,"some secret2"},
     secret3 => #{k => {<<"key">>,"some secret2"}}}]}

Partially encrypted Erlang term with deep references:

{"hkl": "[{app,mod,ref5}]",
 "val": "#{ref => [[{app,mod,ref}]|ref],
           ref4 => [<<\"+FJALDo4UXcPxWDQID/TuaxU0KJP5GyIrfOp6IMAvrOmKls+hJZ+aeXjCPgL94f0xcNTNLE/OCyzKK2FBRkOXi9lejSV1J2qxIm+KK02ycj/zRgNpg1Q+gao2Z+BSBYt4XwDr6ZKXipECpKMKJ5UCBUmG9+XuhWj1lE+E13KWnBHhtTgz2SSrTTjjQs+\">>|{enc,0}]}",
 "owner": "mod",
 "remark": "partially encrypted map with references"}
> imem_config:get_config_hlk(ddConfig, {app,mod,ref5}, owner, [node()], default, "").
#{ref => "some secret",
  ref4 => #{ref1 => {"some secret",{2,"some secret2"}},
    ref2 => #{secret1 => "some secret",
      secret2 => {2,"some secret2"},
      secret3 => #{k => {<<"key">>,"some secret2"}}},
    ref3 => ["some secret",
     {"some secret",{2,"some secret2"}},
     #{secret1 => "some secret",
       secret2 => {2,"some secret2"},
       secret3 => #{k => {<<"key">>,"some secret2"}}}]}}
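
The following added example (not imem's own code) sketches how the `[Hkl|ref]` and `[Cipher|{enc,Version}]` markers shown above can be resolved recursively, including chained and encrypted references. It goes beyond the page by rejecting reference cycles and unknown encryption versions. The module name, the store map, the function names and the version-0 codec (base64 of `term_to_binary/1`, not RC4) are assumptions made for illustration.

```erlang
-module(ddconfig_ref_example).
-export([resolve/3, demo/0]).

%% Store: #{Hkl => StoredTerm}, constructed stand-in for the ddConfig table.
%% Dec:   #{Version => fun((Cipher) -> Term)}, one decryptor per {enc,Version}.
resolve(Hkl, Store, Dec) -> lookup(Hkl, {Store, Dec}, []).

%% Path holds the keys currently being resolved; a repeat means a cycle.
%% A dangling reference fails with {badkey, Hkl} from maps:get/2.
lookup(Hkl, {Store, _} = Ctx, Path) ->
    case lists:member(Hkl, Path) of
        true  -> error({reference_cycle, lists:reverse([Hkl | Path])});
        false -> expand(maps:get(Hkl, Store), Ctx, [Hkl | Path])
    end.

expand([Hkl | ref], Ctx, Path) ->                      % reference marker
    lookup(Hkl, Ctx, Path);
expand([Cipher | {enc, V}], {_, Dec} = Ctx, Path) ->   % encrypted-value marker
    case maps:find(V, Dec) of
        {ok, F} -> expand(F(Cipher), Ctx, Path);       % decrypt, keep resolving
        error   -> error({unsupported_enc_version, V}) % fail closed
    end;
expand(M, Ctx, Path) when is_map(M) ->
    maps:map(fun(_, V) -> expand(V, Ctx, Path) end, M);
expand(T, Ctx, Path) when is_tuple(T) ->
    list_to_tuple([expand(E, Ctx, Path) || E <- tuple_to_list(T)]);
expand([H | T], Ctx, Path) ->
    [expand(H, Ctx, Path) | expand(T, Ctx, Path)];
expand(Other, _Ctx, _Path) -> Other.

%% Constructed sample data; the version-0 codec here is a stand-in, NOT RC4.
demo() ->
    Enc = fun(T) -> base64:encode(term_to_binary(T)) end,
    Dec = #{0 => fun(B) -> binary_to_term(base64:decode(B), [safe]) end},
    S = #{[{app,mod,secret1}] => "some secret",
          [{app,mod,secret2}] => {2, "some secret2"},
          [{app,mod,ref}]  => [[{app,mod,secret1}] | ref],
          [{app,mod,ref1}] => {[[{app,mod,ref}] | ref], [[{app,mod,secret2}] | ref]},
          [{app,mod,ref4}] => [Enc(#{r => [[{app,mod,ref1}] | ref]}) | {enc, 0}],
          [{app,mod,loop}] => #{x => [[{app,mod,loop}] | ref]}},
    %% Encrypted reference -> decrypted -> chained references resolved.
    #{r := {"some secret", {2, "some secret2"}}} = resolve([{app,mod,ref4}], S, Dec),
    {'EXIT', {{reference_cycle, _}, _}} = (catch resolve([{app,mod,loop}], S, Dec)),
    {'EXIT', {{unsupported_enc_version, 9}, _}} =
        (catch resolve([{app,mod,v9}], S#{[{app,mod,v9}] => [<<>> | {enc, 9}]}, Dec)),
    ok.
```

Saved as `ddconfig_ref_example.erl` and compiled with `erlc`, `ddconfig_ref_example:demo().` returns `ok` when all three checks hold.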

Currently: