README
¶
Go Nano Services Module Database
Database modules for Go Nano Services, this modules designed to concurrent safe
Installation
go get code.afis.me/go-nano-services/modules/database
Upgrading to latest version
go get -u code.afis.me/go-nano-services/modules/database
Upgrade or downgrade with tag version if available
go get -u code.afis.me/go-nano-services/modules/database@v1.0.0
Mysql Encryption
Using preload plugins (Recommended)
SHOW VARIABLES LIKE 'plugin_dir';
Copy file plugins/mysql/encryption-udf.so to mysql plugins directory
Using pre-build Mysql Docker Images
# docker file located in images/mysql/Dockerfile
docker pull afisme/mysql:8.0.30
Install mysql custom encrypted
CREATE FUNCTION aes_encrypt_udf RETURNS STRING SONAME 'encryption-udf.so';
CREATE FUNCTION aes_decrypt_udf RETURNS STRING SONAME 'encryption-udf.so';
Removing mysql custom encrypted
DROP FUNCTION IF EXISTS aes_encrypt_udf;
DROP FUNCTION IF EXISTS aes_decrypt_udf;
Mysql Encrypted Raw Query
# aes_encrypt_udf parameter : aes_encrypt_udf('raw_data','key','key_version')
SELECT aes_encrypt_udf('JUST MESSAGE FOR ENCRYPTION', 'key', '0') as result;
# aes_decrypt_udf parameter : aes_decrypt_udf('raw_data/field','key_version:key,key_version:key')
SELECT aes_decrypt_udf(email, '0:key,1:keyV1') as result FROM user_data;
Mysql Example Raw Query, with WHERE and JOIN
SELECT aes_decrypt_udf(users.email, '0:key') as `email`,
aes_decrypt_udf(users.user_name, '0:key') as `user_name`,
aes_decrypt_udf(user_data.phone, '0:key') as `phone`,
aes_decrypt_udf(user_data.address, '0:key') as `address`,
user_data.name as name FROM `users` JOIN user_data WHERE user_data.email = users.email
AND aes_decrypt_udf(users.email, '0:key') LIKE '%user-2%' ORDER BY users.email desc
Limitation mysql custom encrypted
If the key version changes, ON DUPLICATE KEY won't work, you need to manually query WHERE to see if there are duplicates.
or you can use native encryption for column with have primary key or unique, but the key can't be rotated.
interfaces.NewSqlEncrypted(local.New("primary"), interfaces.EncryptTypeNative)
also, see example mysql example/mysql/main.go
Run Mysql Example
make mysql-example
Mongodb encryption
For Debian Based (bullseye)
sudo apt-get update && sudo apt-get install -y curl gpg
sudo sh -c "curl -s --location https://www.mongodb.org/static/pgp/libmongocrypt.asc | sudo gpg --dearmor >/etc/apt/trusted.gpg.d/libmongocrypt.gpg"
sudo sh -c "curl -s --location https://www.mongodb.org/static/pgp/server-6.0.asc | sudo gpg --dearmor >/etc/apt/trusted.gpg.d/server-6.0.gpg"
echo "deb https://libmongocrypt.s3.amazonaws.com/apt/debian buster/libmongocrypt/1.6 main" | sudo tee /etc/apt/sources.list.d/libmongocrypt.list
echo "deb http://repo.mongodb.com/apt/debian bullseye/mongodb-enterprise/6.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-enterprise.list
sudo apt-get update && sudo apt-get install -y mongodb-enterprise-cryptd=6.0.3 libmongocrypt-dev libbson-dev
For Ubuntu Based (jammy)
sudo apt-get update && sudo apt-get install -y curl gpg
sudo sh -c "curl -s --location https://www.mongodb.org/static/pgp/libmongocrypt.asc | sudo gpg --dearmor >/etc/apt/trusted.gpg.d/libmongocrypt.gpg"
sudo sh -c "curl -s --location https://www.mongodb.org/static/pgp/server-6.0.asc | gpg --dearmor >/etc/apt/trusted.gpg.d/server-6.0.gpg"
echo "deb https://libmongocrypt.s3.amazonaws.com/apt/ubuntu focal/libmongocrypt/1.6 universe" | sudo tee /etc/apt/sources.list.d/libmongocrypt.list
echo "deb http://repo.mongodb.com/apt/debian bullseye/mongodb-enterprise/6.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-enterprise.list
sudo apt-get update && sudo apt-get install -y mongodb-enterprise-cryptd=6.0.3 libmongocrypt-dev libbson-dev
Run Mongo Example
make mongo-example
Run Mongo Example With Docker
make mongo-example-docker
Directories
Click to show internal directories.
Click to hide internal directories.