Encrypt/decrypt only certain fields of payload

Community Support
1

Hello, Temporal community,

I am working on a way to encrypt and decrypt only certain fields of workflow payload. For that I’m using custom struct tags in Go and reflect pkg to loop through struct fields. For now only string and [’]byte fields are encrypted. Here is the signature:

func encryptFields(obj interface{}, key []byte) (map[string]interface{}, error)

It is used in the method below:

func (dc *CryptDataConverter) ToPayload(value interface{}) (*commonpb.Payload, error)

after I return map[string]interface{} I convert it back to original type.
Encryption works fine, but on the decryption side I have an issue.
So here is the signature of data-converter interface:

func (dc *CryptDataConverter) FromPayload(payload *commonpb.Payload, valuePtr interface{}) error {

payload.Data is a slice of bytes that contain the input (with already encrypted fields).
The problem is I don’t know how to use valuePtr to unmarshal it to object, which I can pass in to

func decryptFields(obj interface{}, key []byte) (map[string]interface{}, error)

method.

Any suggestions/recommendations would be appreciated. Thanks!

2

You have to use Go reflection to find out the type of the valuePtr and then deserialize your payload according to your rules.

3

Thanks for as always quick response!

func (dc *CryptDataConverter) FromPayload(payload *commonpb.Payload, valuePtr interface{}) error {
	val := reflect.ValueOf(valuePtr).Elem().Interface() // <- this is interface{} of type WfInput

	err := json.Unmarshal(payload.Data, &val)
	if err != nil {
		return err
	}
    // .....
}

The problem here is that json.Unmarshal turns val to map[string]interface{} because val itself is interface with underlying type of WfInput . So for it to unmarshal properly to struct, I need to pass reference to instance of WfInput . So how do I extract and instantiate struct of interface’s underlying type ?