Encryption support options

Description

I need to get the ball rolling on encryption options for Logstash as it will soon be a need internally for my company.

There are two types of encryption to consider:

  • transport level

  • message level

Transport level would require customization on input and output plugins of appropriate types. This might fit with an option in base.rb for each or it might not. Notable conflicts include rabbitmq.

Message level security COULD be implemented at the ingress/egress but probably makes the most sense as a filter. In such a case I envision that this encryption require specifying fields that the user wishes to encrypt. This would require the user to make decryption the first step in any filter chains to do further processing.

Another option is to provide for a keyed field name in the json_event format that indicated decryption needed to happen automatically. Possibly this would be something like this:

{ "crypted_fields":["message", "source_host", "foo"] }

Upon seeing this, logstash would automatically decrypt the relevant fields before passing up the chain. Obviously, there needs to be a way for logstash to know how to decrypt it. In this basic implementation, a shared key would probably suffice:

input { stdin { type => "stdin-test" shared_key => "makemetastedagoat" } }

Obviously the keys would need to match up and this is only a basic impl.

Comments?

Assignee

John E. Vincent

Reporter

John E. Vincent

Labels

None

Fix versions

Affects versions

Configure