[improve] [pip] PIP-290 Provide a way to implement WSS E2E encryption and not need to expose the private key to the WebSocket Proxy #20923
Conversation
github-actions
bot
added
type/PIP
doc-required
poorbarcode
changed the title
pip/pip-290.md
Outdated
| | `encryptionKeyValues` | Base64 encoded and URL encoded secret key | | ||
| | `encryptionKeyMetadata` | Base64 encoded and URL encoded and JSON formatted key-value metadata list of encryption key | |
There was a problem hiding this comment.
Why not add the key metadata to the encryptionKeyValues JSON structure? So that it will align with the returned data structure to consumers.
And could you please also provide an example of what is the original data looks like? without base64 and URL encoding.
There was a problem hiding this comment.
Why not add the key metadata to the encryptionKeyValues JSON structure? So that it will align with the returned data structure to consumers.
I added a new mode for the parameter encryptionKeys: If a producer registered with a JSON parameter encryptionKeys, and the encryptionKeys[{key_name}].keyValue is not empty, Web Socket Proxy Server will mark this Producer as Client-Side Encryption Producer, then discard server-side batch messages, server-side compression, and server-side encryption.
And could you please also provide an example of what is the original data looks like? without base64 and URL encoding.
Done.
codelipenghui
dismissed
their stale review
Accidently clicked the approve button
See PIP: apache#20923 (cherry picked from commit 07eef59)
Documentation
docdoc-requireddoc-not-neededdoc-completeMatching PR in forked repository
PR in forked repository: x