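数据脱敏
以下三组示例分别使用 default()、random(1,10)、partial(2,"***",3) 三种脱敏函数。通常脱敏只改变查询返回的显示值,并不加密存储的数据;GBase 中哪些用户能看到原值,本文未说明,需核实。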
SQL1: create table test1(id int masked with(function='default()'));
SQL2: insert into test1 values(2);
SQL3:select * from test1;
SQL4: create table test2(id int masked with(function='random(1,10)'));
SQL5: insert into test2 values(2);
SQL6:select * from test2;
SQL7: create table test3(a varchar(10) default 'abc' masked with (function='partial(2,"***",3)')); -- 脱敏后保留开头 2 个字符和末尾 3 个字符,中间用 *** 替换;按此规则 'abcdefg' 显示为 'ab***efg'
SQL8: insert into test3 values('abcdefg');
SQL9:select * from test3;
数据加密
证书创建
create encryption certificate identified by '' content '';
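identified by 后的口令非空时,创建的是密文密钥;口令为空时,创建的是明文密钥。
content 为密钥内容,可设置也可不设置。
注意: 明文密钥和密文密钥一旦创建,如需重新创建,需要先删除 gcluster、gnode 的 config 目录下的 encryption.crt 文件。明文密钥没有口令保护,应限制 config 目录及 encryption.crt 的文件访问权限;删除 encryption.crt 之前,应先确认已有加密表的数据是否仍依赖原密钥(本文未说明,需核实)。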
create encryption certificate identified by ''; -- 明文密钥
create encryption certificate identified by '111111'; -- 密文密钥('111111' 仅为示例口令,实际应使用强口令)
create encryption certificate identified by '111111' content 'fsdfdsfds' -- 设置密钥内容
如果创建的证书为密文密钥,则在向加密表插入数据之前,需要先打开密钥证书
alter encryption certificate open identified by '111111';
也可通过如下命令关闭证书
alter encryption certificate close;
修改密文证书口令
alter encryption certificate identified by '111111' to '222222';
也可对证书进行明文密钥和密文密钥之间的切换(下面第一条由明文切换为密文,第二条由密文切换为明文;切换为明文后密钥不再受口令保护)
alter encryption certificate identified by '' to '111111';
alter encryption certificate identified by '111111' to '';
创建证书后,可通过如下命令查询证书状态
select * from information_schema.all_encryption_certificate_status;
加密控制参数
gbase_disable_encrypt:默认关闭。关闭时,加密功能正常使用;开启时,创建加密表的语句不会带上加密属性。因此在创建加密表之前应确认该参数处于关闭状态,否则带 encrypt 的建表语句得到的表不带加密属性。
加密表创建(下面第一条在表定义末尾加 encrypt,第二条只在 id 列上加 encrypt)
create table t(id int,a varchar(20))encrypt;
create table t1(id int encrypt,a varchar(20));
参数:
encrypt_server_host、encrypt_server_port 在 gnode 节点的配置文件中设置。
这两个参数用于向 server 获取密钥:如果某个 node 的 config 目录下缺少 encryption.crt,该 node 会向 server 获取。本文未说明该获取过程如何认证和保护,部署时应确认只有可信节点能访问该 server 的地址和端口。




