DataConverter - Convert/Encrypt certain fields only and not the whole payload

Hello,

Can DataConverter be used to encrypt only certain fields from a workflow definition like password/token etc instead of the whole payload which is stored in the Temporal database?

Thank you

Hello @anmanz

Yes, you can implement your DataConverter to encrypt the values of only a few fields.

The implementation is on your side. For it I guess, in the Encode function you need to figure out the data structure first and then encrypt/decrypt only the fields you want.

Hello. May I have a sample of this use case? In Go Lang. Thank you a lot

Hello @anmanz

I will work on it.

I am not a Go expert, but in the encode method you should be able to get p.Data (which is the input parameter) and encrypt only the fields you are interested in. Same when decoding.

Hello,

Can I have an example of how I can encrypt only a certain field (secret) from the second payload, since we have two JSON payloads here? And by default it encrypts based on a loop for all the payloads in the array? I would appreciate any help provided as soon as possible.

[
  {
    "path": "restconf/data/devices/device=device-0/config"
  },
  {
    "resource": {
      "scheme": "http",
      "host": "127.0.0.1",
      "port": 18080
    },
    "secret": {
      "userAndPass": {
        "username": "user",
        "password": "pass"
      }
    }
  }
]

Thank you,
Andrei

The first thing you want to do is implement the Temporal data converter interface and implement its methods.

type DataConverter struct {
    converter.DataConverter
    encrypterDecrypter ED
}

In the ToPayloads method, encrypt selective fields using reflection and ED object in your data converter struct

In the FromPayloads method, decrypt the encrypted fields using reflect and ED object in your struct

Initialise your temporal client with this data converter object:

temporalClient, err := client.Dial(client.Options{
    DataConverter: dataConverter,
})

Encryption/Decryption using reflection: Golang: The Art of Reflection – Nutanix.dev
Note: This can be modified to be done based on a tag value in struct field rather than using a field of sensitive keys.

Hello Mridul,

Can you give me an example for the payload I gave? Maybe it won’t be in the client; maybe it will be on the worker side.

Thank you,
Andrei
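
The field-level step discussed in this thread, as an added example that is not code from any poster or from the Temporal SDK: it encrypts only the `secret` field of a JSON payload with AES-GCM and leaves `path` and `resource` readable. It uses only the Go standard library; the names `seal`, `unseal` and `cryptFields` are hypothetical, the all-zero key is a constructed demo value, and the assumption is that an Encode/Decode implementation would call `cryptFields` on each payload's `Data` bytes in its loop.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// seal encrypts one field value with AES-GCM; the field name is bound as AAD.
func seal(g cipher.AEAD, field string, raw []byte) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return json.Marshal(g.Seal(nonce, nonce, raw, []byte(field))) // base64 JSON string
}

// unseal reverses seal and rejects tampered or never-encrypted values.
func unseal(g cipher.AEAD, field string, raw []byte) ([]byte, error) {
	var b []byte
	if json.Unmarshal(raw, &b) != nil || len(b) < g.NonceSize() {
		return nil, fmt.Errorf("field %q is not an encrypted value", field)
	}
	return g.Open(nil, b[:g.NonceSize()], b[g.NonceSize():], []byte(field))
}

// cryptFields applies op (seal or unseal) to the named top-level fields; other input passes through.
func cryptFields(data []byte, g cipher.AEAD, op func(cipher.AEAD, string, []byte) ([]byte, error), fields ...string) (_ []byte, err error) {
	var obj map[string]json.RawMessage
	if json.Unmarshal(data, &obj) != nil || obj == nil {
		return data, nil // not a JSON object: leave untouched
	}
	for _, k := range fields {
		if raw, ok := obj[k]; ok {
			if obj[k], err = op(g, k, raw); err != nil {
				return nil, err
			}
		}
	}
	return json.Marshal(obj)
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key, never use in production
	g, _ := cipher.NewGCM(block)
	enc, _ := cryptFields([]byte(`{"resource":{"port":18080},"secret":{"password":"pass"}}`), g, seal, "secret")
	fmt.Println(string(enc))
}
```

Field names and the cleartext fields remain visible in whatever is stored; only the value of `secret` becomes opaque, and decoding with `unseal` fails if that value was altered or was never encrypted.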