0

I am using teiid-wildfly server odata4 services to perform CRUD operations. I need to store some of the table fields in encrypted format. Could be possible for configure teiid security functions(AES_ENCRYPT) in vbd.xml file to perform encryption operations for specific fields in the tables.

Thanks in advance.

AMITESH
  • 5
  • 2

1 Answers1

0

Yes if you can provide the key those functions can be used to encrypt and decrypt as needed.

Steven Hawkins
  • 538
  • 1
  • 4
  • 7
  • Thanks Steven Hawkins. Below is my vdb.xml and odata4 rest call is inserted password column value as plain text to employee table. I have keys for encrypt/decrypt. Please let me how to do the security functions configuration in vdb.xml to store the password in encrypted format. I am using Teiid 15.0.1 **Rest call** http://localhost:8080/odata4/ws/PgDB/emp { "name": "test", "password": "test@12" } – AMITESH Jan 27 '21 at 15:48
  • The simplest approach would be to create a view (with a key for odata access) that adds the encrypted value as part of an insert trigger: create view emp_view (name string primary key, password string) as select name, password from emp; create trigger on emp_view instead of insert insert into emp (name, password) values (new.name, aes_encrypt(new.password, {key}); -- where you'll obtain the key through something like a system property or other externalizable method. – Steven Hawkins Jan 29 '21 at 18:31
  • Thanks Steven Hawkins. I configured the key as a system property in standalone-teiid.xml file and call aes_encrypt method inside the trigger as per the above instructions create trigger on emp_view instead of insert as for each row begin atomic **insert into emp (name, password) values (new.name,aes_encrypt(new.password, ${aes_key}));** end; Getting the error about aes_key value is not defined by any relevant group TEIID31118 Element "B05E533204139D03F24794CB862D53AF916D653F7DEB788D" is not defined by any relevant group. – AMITESH Feb 03 '21 at 15:17
  • As a system property, you can use the SYS_PROP('key name') function to get the key value. – Steven Hawkins Feb 05 '21 at 18:04