update cipher keys documentation #97
YashodhanJoshi1 left a comment
- We need to specify that the `decrypt` function does a brute force decryption, i.e. it will try to decrypt anything that looks like base64 in the given input and, if successful, give the decrypted value, or copy it as-is to the result.
- We also need to add a warning to `decrypt` that because of the above behavior it can be slower on larger input fields. It can be around ~10% slower on < 500 character inputs, but as the input size grows, it can reach 50%-100% slowness on fields larger than 10000 characters.
- We also need to show array examples in decrypt path, and maybe give a few examples without screenshots of how various paths (with and without array) correspond to object keys,
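A sketch of the brute-force behaviour described in the comment above, added here as an illustration and not OpenObserve's code. The toy cipher, the key, the regex standing in for "looks like base64" and the sample record are all assumptions constructed for the demo.

```python
import base64, hashlib, hmac, re

KEY = b"constructed-demo-key"          # constructed sample key
# Assumption: "looks like base64" = a run of 16+ base64 characters.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def toy_encrypt(key, plaintext, nonce=b"\x00" * 8):
    """Stand-in cipher for the demo only; not the product's Simple or Tink scheme."""
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return base64.b64encode(nonce + ct + _tag(key, nonce + ct)).decode()

def toy_decrypt(key, token):
    """Return the plaintext, or None when the token is not valid ciphertext."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    nonce, ct, tag = raw[:8], raw[8:-16], raw[-16:]
    if len(raw) < 24 or not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def brute_force_decrypt(key, text):
    """Try every base64-looking substring; replace on success, keep it otherwise."""
    attempts = 0
    def swap(match):
        nonlocal attempts
        attempts += 1
        plain = toy_decrypt(key, match.group(0))
        return match.group(0) if plain is None else plain
    return B64_RUN.sub(swap, text), attempts

# Constructed sample: nested JSON with one encrypted value and one opaque base64 value.
OPAQUE = base64.b64encode(b"not-ciphertext-just-an-opaque-session-id").decode()
SAMPLE = '{"user":{"email":"%s","session":"%s"},"msg":"login ok"}' % (
    toy_encrypt(KEY, "alice@example.com"), OPAQUE)

if __name__ == "__main__":
    print(brute_force_decrypt(KEY, SAMPLE))
```

The attempt counter is the cost driver: every base64-looking run costs a decode and an authentication check whether or not it is ciphertext, so work scales with the size of the field.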
``` | ||
Here: | ||
- `encrypted_fiel`d: The field containing the encrypted value. |
typo: backtick should be after d
SELECT decrypt(user_data, 'user_data_decryption_key') as decrypted_user_data FROM user_activity_stream; | ||
Here: | ||
- `encrypted_fiel`d: The field containing the encrypted value. |
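Review bot: In the "Here:" legend under the `SELECT decrypt(user_data, 'user_data_decryption_key')` example, the bullet describes `encrypted_field`, a name that does not appear in the query shown. Say that `user_data` is the encrypted field in this example, or use the same placeholder in both places, so readers can map the legend onto the query.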
same typo
- **Incorrect Encryption Key Type (Simple or Tink):** When storing encryption keys, ensure you use the correct key type (Simple or Tink). If an incompatible key type is used, the system will show an error, and the key remains unsaved. | ||
- **Invalid Akeyless Credentials:** If you enter invalid Akeyless credentials during CipherKey creation or update, the system will reject the operation and show an error message. Correct the credentials and try again. | ||
- **Invalid Akeyless Credentials:** If you enter invalid Akeyless credentials during**CipherKe**y creation or update, the system will reject the operation and show an error message. Correct the credentials and try again. |
typo in `**` after `Ke`
@@ -53,17 +53,21 @@ Follow these steps to create and configure **Cipher Keys** in OpenObserve: | |||
You can retrieve original values from encrypted logs using the `decrypt()` and `decrypt_path()` functions. These functions operate at query time and do not write decrypted data to disk. | |||
### Use the `decrypt` function | |||
Use the `decrypt()` function when the encrypted field contains a non-nested value value. | |||
Use the `decrypt()` function when the encrypted field contains a non-nested value. |
This is incorrect. In fact, decrypt can be used for nested values, and the intention is to decrypt everything when the exact structure or path is not known. I think we should remove this line.
Use the `decrypt()` function when the encrypted field contains a non-nested value value. | ||
Use the `decrypt()` function when the encrypted field contains a non-nested value. | ||
The `decrypt()` function performs brute-force decryption. It attempts to decrypt any value in the input that appears to be base64-encoded. If the decryption is successful, the value is replaced with the decrypted output. If not, the value is returned unchanged. |
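Review bot: The brute-force paragraph for `decrypt()` states the replace-or-leave-unchanged behaviour but carries no performance warning, which the review summary asked for. Add a sentence after "the value is returned unchanged" noting that the function gets slower as the input field grows because every base64-looking run is tried, and consider pointing to `decrypt_path()` for cases where the path is known.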
change: It attempts to decrypt any sub-string in the input
...is successful, the sub-string is replaced
...If not, the sub-string is retained unchanged.
No description provided.