Skip to content

Commit 9886144

Browse files
CH3CHOCH3CHO
committed
feat: Update the logic of handling data encryption key in configure.sh
1 parent b0871d5 commit 9886144

1 file changed

Lines changed: 17 additions & 11 deletions

File tree

bin/configure.sh

Lines changed: 17 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -169,15 +169,12 @@ configureByArgs() {
169169
fi
170170
fi
171171

172-
if [ "$USE_BUILTIN_NACOS" != "Y" ]; then
173-
KEY_LENGTH=${#NACOS_DATA_ENC_KEY}
174-
if [ $KEY_LENGTH == 0 ]; then
175-
echo "--data-enc-key is required when using external Nacos service."
176-
exit -1
177-
elif [ $KEY_LENGTH != 32 ]; then
178-
echo "Expecting 32 characters for --data-enc-key, but got ${KEY_LENGTH}."
179-
exit -1
180-
fi
172+
KEY_LENGTH=${#NACOS_DATA_ENC_KEY}
173+
if [ $KEY_LENGTH == 0 ]; then
174+
NACOS_DATA_ENC_KEY=$(cat /dev/urandom | tr -dc '[:alnum:]' | head -c 32)
175+
elif [ $KEY_LENGTH != 32 ] && [ "$USE_BUILTIN_NACOS" != "Y" ]; then
176+
echo "Expecting 32 characters for --data-enc-key, but got ${KEY_LENGTH}."
177+
exit -1
181178
fi
182179

183180
if [ "$USE_BUILTIN_NACOS" == "Y" ]; then
@@ -256,10 +253,12 @@ configureStandaloneNacosServer() {
256253

257254
while true
258255
do
259-
readNonEmpty "Please input a 32-char long string for data encryption: "
256+
readWithDefault "Please input a 32-char long string for data encryption (Enter to generate a random one): " ""
260257
NACOS_DATA_ENC_KEY=$input
261258
KEY_LENGTH=${#NACOS_DATA_ENC_KEY}
262-
if [ $KEY_LENGTH != 32 ]; then
259+
if [ $KEY_LENGTH == 0 ]; then
260+
NACOS_DATA_ENC_KEY=$(cat /dev/urandom | tr -dc '[:alnum:]' | head -c 32)
261+
elif [ $KEY_LENGTH != 32 ]; then
263262
echo "Expecting 32 characters, but got ${KEY_LENGTH}."
264263
continue;
265264
fi
@@ -315,6 +314,13 @@ outputWelcomeMessage() {
315314
'
316315
echo "Higress is configured successfully."
317316
echo ""
317+
if [ "$USE_BUILTIN_NACOS" != "Y" ]; then
318+
echo "Important Notes:"
319+
echo " Sensitive configurations are encrypted when saving to Nacos."
320+
echo " When configuring another server with the same Nacos configuration service, please make sure to add the following argument so all servers use the same encryption key:"
321+
echo " --data-enc-key='${NACOS_DATA_ENC_KEY}'"
322+
echo ""
323+
fi
318324
echo "Usage:"
319325
echo " Start: $ROOT/bin/startup.sh"
320326
echo " Stop: $ROOT/bin/stop.sh"

0 commit comments

Comments
 (0)