This is an automated email from the ASF dual-hosted git repository.
monkeydluffy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 75cff5ecb change: unify the keyring and key_encrypt_salt fields
(#10771)
75cff5ecb is described below
commit 75cff5ecbab452dfe2de34846ac9dfd455d28d7c
Author: Derobukal <[email protected]>
AuthorDate: Thu Jan 25 16:18:10 2024 +0800
change: unify the keyring and key_encrypt_salt fields (#10771)
---
apisix/cli/file.lua | 2 +-
apisix/cli/schema.lua | 7 +++-
apisix/plugin.lua | 3 +-
apisix/ssl.lua | 39 +++++----------------
conf/config-default.yaml | 22 ++++--------
t/admin/ssl2.t | 8 ++---
t/admin/ssl4.t | 62 +++++++++++++++++-----------------
t/node/data_encrypt.t | 22 ++++++------
t/node/data_encrypt2.t | 24 ++++++-------
t/node/upstream-mtls.t | 4 +--
t/plugin/authz-casdoor.t | 2 +-
t/plugin/authz-keycloak3.t | 2 +-
t/plugin/csrf.t | 2 +-
t/plugin/elasticsearch-logger.t | 2 +-
t/plugin/error-log-logger-clickhouse.t | 4 +--
t/plugin/google-cloud-logging2.t | 2 +-
t/plugin/hmac-auth3.t | 2 +-
t/plugin/jwt-auth3.t | 4 +--
t/plugin/kafka-proxy.t | 2 +-
t/plugin/openid-connect2.t | 2 +-
t/plugin/rocketmq-logger2.t | 2 +-
t/plugin/sls-logger.t | 2 +-
t/plugin/tencent-cloud-cls.t | 2 +-
23 files changed, 99 insertions(+), 124 deletions(-)
diff --git a/apisix/cli/file.lua b/apisix/cli/file.lua
index 94e790db6..88d0522a7 100644
--- a/apisix/cli/file.lua
+++ b/apisix/cli/file.lua
@@ -175,7 +175,7 @@ local function path_is_multi_type(path, type_val)
return true
end
- if path == "apisix->ssl->key_encrypt_salt" then
+ if path == "apisix->data_encryption->keyring" then
return true
end
diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua
index 6f6450b46..836b88f69 100644
--- a/apisix/cli/schema.lua
+++ b/apisix/cli/schema.lua
@@ -224,7 +224,12 @@ local config_schema = {
}
}
},
- key_encrypt_salt = {
+ }
+ },
+ data_encryption = {
+ type = "object",
+ properties = {
+ keyring = {
anyOf = {
{
type = "array",
diff --git a/apisix/plugin.lua b/apisix/plugin.lua
index b5da3f216..3d1256609 100644
--- a/apisix/plugin.lua
+++ b/apisix/plugin.lua
@@ -906,7 +906,8 @@ local enable_data_encryption
local function enable_gde()
if enable_data_encryption == nil then
enable_data_encryption =
- core.table.try_read_attr(local_conf, "apisix", "data_encryption",
"enable")
+ core.table.try_read_attr(local_conf, "apisix", "data_encryption",
+ "enable_encrypt_fields")
_M.enable_data_encryption = enable_data_encryption
end
diff --git a/apisix/ssl.lua b/apisix/ssl.lua
index 282f0f11b..24eefcf6e 100644
--- a/apisix/ssl.lua
+++ b/apisix/ssl.lua
@@ -92,17 +92,6 @@ local function init_iv_tbl(ivs)
end
-local _aes_128_cbc_with_iv_tbl_ssl
-local function get_aes_128_cbc_with_iv_ssl(local_conf)
- if _aes_128_cbc_with_iv_tbl_ssl == nil then
- local ivs = core.table.try_read_attr(local_conf, "apisix", "ssl",
"key_encrypt_salt")
- _aes_128_cbc_with_iv_tbl_ssl = init_iv_tbl(ivs)
- end
-
- return _aes_128_cbc_with_iv_tbl_ssl
-end
-
-
local _aes_128_cbc_with_iv_tbl_gde
local function get_aes_128_cbc_with_iv_gde(local_conf)
if _aes_128_cbc_with_iv_tbl_gde == nil then
@@ -127,43 +116,31 @@ end
function _M.aes_encrypt_pkey(origin, field)
local local_conf = core.config.local_conf()
+ local aes_128_cbc_with_iv_tbl_gde = get_aes_128_cbc_with_iv_gde(local_conf)
+ local aes_128_cbc_with_iv_gde = aes_128_cbc_with_iv_tbl_gde[1]
if not field then
- -- default used by ssl
- local aes_128_cbc_with_iv_tbl_ssl =
get_aes_128_cbc_with_iv_ssl(local_conf)
- local aes_128_cbc_with_iv_ssl = aes_128_cbc_with_iv_tbl_ssl[1]
- if aes_128_cbc_with_iv_ssl ~= nil and core.string.has_prefix(origin,
"---") then
- return encrypt(aes_128_cbc_with_iv_ssl, origin)
+ if aes_128_cbc_with_iv_gde ~= nil and core.string.has_prefix(origin,
"---") then
+ return encrypt(aes_128_cbc_with_iv_gde, origin)
end
else
if field == "data_encrypt" then
- local aes_128_cbc_with_iv_tbl_gde =
get_aes_128_cbc_with_iv_gde(local_conf)
- local aes_128_cbc_with_iv_gde = aes_128_cbc_with_iv_tbl_gde[1]
if aes_128_cbc_with_iv_gde ~= nil then
return encrypt(aes_128_cbc_with_iv_gde, origin)
end
end
end
-
return origin
end
local function aes_decrypt_pkey(origin, field)
- local local_conf = core.config.local_conf()
- local aes_128_cbc_with_iv_tbl
-
- if not field then
- if core.string.has_prefix(origin, "---") then
- return origin
- end
- aes_128_cbc_with_iv_tbl = get_aes_128_cbc_with_iv_ssl(local_conf)
- else
- if field == "data_encrypt" then
- aes_128_cbc_with_iv_tbl = get_aes_128_cbc_with_iv_gde(local_conf)
- end
+ if not field and core.string.has_prefix(origin, "---") then
+ return origin
end
+ local local_conf = core.config.local_conf()
+ local aes_128_cbc_with_iv_tbl = get_aes_128_cbc_with_iv_gde(local_conf)
if #aes_128_cbc_with_iv_tbl == 0 then
return origin
end
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index 3f93ac13f..6636bf096 100755
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -108,16 +108,6 @@ apisix:
# Disabled by default because it renders
Perfect Forward Secrecy (FPS)
# useless. See
https://github.com/mozilla/server-side-tls/issues/135.
- key_encrypt_salt: # This field is only used to encrypt the
private key of SSL.
- - edd1c9f0985e76a2 # Set the encryption key for AES-128-CBC. It
should be a
- # hexadecimal string of length 16.
- # If not set, APISIX saves the original data
into etcd.
- # CAUTION: If you would like to update the
key, add the new key as the
- # first item in the array and keep the older
keys below the newly added
- # key, so that data can be decrypted with the
older keys and encrypted
- # with the new key. Removing the old keys
directly can render the data
- # unrecoverable.
-
# fallback_sni: "my.default.domain" # Fallback SNI to be used if the
client does not send SNI during
# # the handshake.
@@ -128,11 +118,13 @@ apisix:
disable_sync_configuration_during_start: false # Safe exit. TO BE REMOVED.
- data_encryption: # Encrypt fields specified in
`encrypt_fields` in plugin schema.
- enable: false
- keyring: # Set the encryption key for AES-128-CBC. It
should be a
- - qeddd145sfvddff3 # hexadecimal string of length 16.
- # If not set, APISIX saves the original data
into etcd.
+ data_encryption: # Data encryption settings.
+ enable_encrypt_fields: false # Whether enable encrypt fields specified in
`encrypt_fields` in plugin schema.
+ keyring: # This field is used to encrypt the private
key of SSL and the `encrypt_fields`
+ # in plugin schema.
+ - qeddd145sfvddff3 # Set the encryption key for AES-128-CBC. It
should be a hexadecimal string
+ # of length 16.
+ - edd1c9f0985e76a2 # If not set, APISIX saves the original data
into etcd.
# CAUTION: If you would like to update the
key, add the new key as the
# first item in the array and keep the older
keys below the newly added
# key, so that data can be decrypted with
the older keys and encrypted
diff --git a/t/admin/ssl2.t b/t/admin/ssl2.t
index da286db1a..15abf37eb 100644
--- a/t/admin/ssl2.t
+++ b/t/admin/ssl2.t
@@ -431,8 +431,8 @@ qr/"snis":\["update1.com","update2.com"\]/
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: "edd1c9f0985e76a2"
+ data_encryption:
+ keyring: "qeddd145sfvddff3"
--- config
location /t {
content_by_lua_block {
@@ -468,8 +468,8 @@ false
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: "edd1c9f0985e76a2"
+ data_encryption:
+ keyring: "qeddd145sfvddff3"
--- config
location /t {
content_by_lua_block {
diff --git a/t/admin/ssl4.t b/t/admin/ssl4.t
index fe3b8fcae..4b69f8538 100644
--- a/t/admin/ssl4.t
+++ b/t/admin/ssl4.t
@@ -110,14 +110,14 @@ run_tests;
__DATA__
-=== TEST 1: set ssl(sni: www.test.com), encrypt with the first key_encrypt_salt
+=== TEST 1: set ssl(sni: www.test.com), encrypt with the first keyring
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt:
+ data_encryption:
+ keyring:
- edd1c9f0985e76a1
- - edd1c9f0985e76a2
+ - qeddd145sfvddff3
--- config
location /t {
content_by_lua_block {
@@ -152,8 +152,8 @@ passed
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: "edd1c9f0985e76a1"
+ data_encryption:
+ keyring: "edd1c9f0985e76a1"
--- config
location /t {
content_by_lua_block {
@@ -182,12 +182,12 @@ passed
-=== TEST 3: client request with the old style key_encrypt_salt
+=== TEST 3: client request with the old style keyring
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: "edd1c9f0985e76a1"
+ data_encryption:
+ keyring: "edd1c9f0985e76a1"
--- response_body eval
qr{connected: 1
ssl handshake: true
@@ -207,12 +207,12 @@ server name: "www.test.com"
-=== TEST 4: client request with the new style key_encrypt_salt
+=== TEST 4: client request with the new style keyring
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt:
+ data_encryption:
+ keyring:
- edd1c9f0985e76a1
--- response_body eval
qr{connected: 1
@@ -233,26 +233,26 @@ server name: "www.test.com"
-=== TEST 5: client request failed with the wrong key_encrypt_salt
+=== TEST 5: client request failed with the wrong keyring
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt:
- - edd1c9f0985e76a2
+ data_encryption:
+ keyring:
+ - qeddd145sfvddff3
--- error_log
decrypt ssl key failed
[alert]
-=== TEST 6: client request successfully, use the two key_encrypt_salt to
decrypt in turn
+=== TEST 6: client request successfully, use the two keyring to decrypt in turn
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt:
- - edd1c9f0985e76a2
+ data_encryption:
+ keyring:
+ - qeddd145sfvddff3
- edd1c9f0985e76a1
--- response_body eval
qr{connected: 1
@@ -273,8 +273,8 @@ close: 1 nil}
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt:
+ data_encryption:
+ keyring:
- edd1c9f0985e76a1
--- config
location /t {
@@ -292,8 +292,8 @@ location /t {
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: null
+ data_encryption:
+ keyring: null
--- config
location /t {
content_by_lua_block {
@@ -324,12 +324,12 @@ passed
-=== TEST 9: client request without key_encrypt_salt
+=== TEST 9: client request without keyring
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: null
+ data_encryption:
+ keyring: null
--- response_body eval
qr{connected: 1
ssl handshake: true
@@ -353,8 +353,8 @@ server name: "www.test.com"
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: null
+ data_encryption:
+ keyring: null
--- config
location /t {
content_by_lua_block {
@@ -371,8 +371,8 @@ location /t {
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: null
+ data_encryption:
+ keyring: null
--- config
location /t {
content_by_lua_block {
diff --git a/t/node/data_encrypt.t b/t/node/data_encrypt.t
index 8746c88d5..0dece7d46 100644
--- a/t/node/data_encrypt.t
+++ b/t/node/data_encrypt.t
@@ -39,7 +39,7 @@ __DATA__
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -129,7 +129,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- request
@@ -145,7 +145,7 @@ hello world
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -230,7 +230,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- request
@@ -247,7 +247,7 @@ hello world
--- yaml_config
apisix:
data_encryption:
- enable: false
+ enable_encrypt_fields: false
keyring:
- edd1c9f0985e76a2
--- config
@@ -291,7 +291,7 @@ bar
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -344,7 +344,7 @@ failed to decrypt the conf of plugin [basic-auth] key
[password], err: decrypt s
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -402,7 +402,7 @@ failed to decrypt the conf of plugin [basic-auth] key
[password], err: decrypt s
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- request
@@ -419,7 +419,7 @@ hello world
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -478,7 +478,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- qeddd145sfvddff3
- edd1c9f0985e76a2
@@ -495,7 +495,7 @@ hello world
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/node/data_encrypt2.t b/t/node/data_encrypt2.t
index 142961898..d9476228d 100644
--- a/t/node/data_encrypt2.t
+++ b/t/node/data_encrypt2.t
@@ -38,7 +38,7 @@ __DATA__
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -101,7 +101,7 @@ abc123
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- request
@@ -121,7 +121,7 @@ clickhouse headers: x-clickhouse-database:default
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -189,7 +189,7 @@ abc123
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -268,7 +268,7 @@ def456
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -345,7 +345,7 @@ abc123
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- request
@@ -365,7 +365,7 @@ clickhouse headers: x-clickhouse-database:default
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -443,7 +443,7 @@ abc123
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- request
@@ -463,7 +463,7 @@ clickhouse headers: x-clickhouse-database:default
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -567,7 +567,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -645,7 +645,7 @@ vU/ZHVJw7b0XscDJ1Fhtig==
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -704,7 +704,7 @@ apisix:
--- yaml_config
apisix:
data_encryption:
- enable: false
+ enable_encrypt_fields: false
--- config
location /t {
content_by_lua_block {
diff --git a/t/node/upstream-mtls.t b/t/node/upstream-mtls.t
index e8eacc3bc..b7bff235a 100644
--- a/t/node/upstream-mtls.t
+++ b/t/node/upstream-mtls.t
@@ -337,8 +337,8 @@ GET /t
--- yaml_config
apisix:
node_listen: 1984
- ssl:
- key_encrypt_salt: null
+ data_encryption:
+ keyring: null
--- config
location /t {
content_by_lua_block {
diff --git a/t/plugin/authz-casdoor.t b/t/plugin/authz-casdoor.t
index 25fab487a..aef07facc 100644
--- a/t/plugin/authz-casdoor.t
+++ b/t/plugin/authz-casdoor.t
@@ -448,7 +448,7 @@ failed when accessing token: invalid access_token
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/authz-keycloak3.t b/t/plugin/authz-keycloak3.t
index 619417bc3..e467705fe 100644
--- a/t/plugin/authz-keycloak3.t
+++ b/t/plugin/authz-keycloak3.t
@@ -113,7 +113,7 @@ Location: http://127.0.0.1/test
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/csrf.t b/t/plugin/csrf.t
index 1edc30239..6ed8b9592 100644
--- a/t/plugin/csrf.t
+++ b/t/plugin/csrf.t
@@ -332,7 +332,7 @@ hello world
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/elasticsearch-logger.t b/t/plugin/elasticsearch-logger.t
index ba9b6bfd9..1706f5c28 100644
--- a/t/plugin/elasticsearch-logger.t
+++ b/t/plugin/elasticsearch-logger.t
@@ -454,7 +454,7 @@ check elasticsearch custom body success
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/error-log-logger-clickhouse.t
b/t/plugin/error-log-logger-clickhouse.t
index 41dfe15d4..91ef60b18 100644
--- a/t/plugin/error-log-logger-clickhouse.t
+++ b/t/plugin/error-log-logger-clickhouse.t
@@ -218,7 +218,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -278,7 +278,7 @@ bar
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/google-cloud-logging2.t b/t/plugin/google-cloud-logging2.t
index def2ca0ca..11e86288e 100644
--- a/t/plugin/google-cloud-logging2.t
+++ b/t/plugin/google-cloud-logging2.t
@@ -75,7 +75,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/hmac-auth3.t b/t/plugin/hmac-auth3.t
index df41efaa1..70c5048c8 100644
--- a/t/plugin/hmac-auth3.t
+++ b/t/plugin/hmac-auth3.t
@@ -704,7 +704,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/jwt-auth3.t b/t/plugin/jwt-auth3.t
index 3ab089a97..c28fad307 100755
--- a/t/plugin/jwt-auth3.t
+++ b/t/plugin/jwt-auth3.t
@@ -326,7 +326,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
@@ -382,7 +382,7 @@ IRWpPjbDq5BCgHyIllnOMA==
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/kafka-proxy.t b/t/plugin/kafka-proxy.t
index 52ba9d874..eedc6d986 100644
--- a/t/plugin/kafka-proxy.t
+++ b/t/plugin/kafka-proxy.t
@@ -62,7 +62,7 @@ property "sasl" validation failed: property "password"
validation failed: wrong
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/openid-connect2.t b/t/plugin/openid-connect2.t
index 29c49aedb..bbb775beb 100644
--- a/t/plugin/openid-connect2.t
+++ b/t/plugin/openid-connect2.t
@@ -85,7 +85,7 @@ __DATA__
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/rocketmq-logger2.t b/t/plugin/rocketmq-logger2.t
index af84ecf28..7f3d054fa 100644
--- a/t/plugin/rocketmq-logger2.t
+++ b/t/plugin/rocketmq-logger2.t
@@ -447,7 +447,7 @@ done
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/sls-logger.t b/t/plugin/sls-logger.t
index 9e668e1bf..940ddf6a2 100644
--- a/t/plugin/sls-logger.t
+++ b/t/plugin/sls-logger.t
@@ -264,7 +264,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
diff --git a/t/plugin/tencent-cloud-cls.t b/t/plugin/tencent-cloud-cls.t
index 6005504da..92b78f29d 100644
--- a/t/plugin/tencent-cloud-cls.t
+++ b/t/plugin/tencent-cloud-cls.t
@@ -346,7 +346,7 @@ passed
--- yaml_config
apisix:
data_encryption:
- enable: true
+ enable_encrypt_fields: true
keyring:
- edd1c9f0985e76a2
--- config
