Encrypt

Security Elastic Compatible

Synopsis

Encrypts string values using AES encryption with optional compression. Supports both AES-256-GCM (Galois/Counter Mode) and AES-256-CFB (Cipher Feedback) modes of operation.

When compression is enabled, data is compressed before encryption, significantly reducing the size of encrypted data.

Schema

encrypt:
- algorithm: <string>
- encryption_key: <string>
- field: <ident>
- iv_field: <ident>
- description: <text>
- if: <script>
- ignore_failure: <boolean>
- ignore_missing: <boolean>
- on_failure: <processor[]>
- on_success: <processor[]>
- tag: <string>
- with_compression: <boolean>

Configuration

| Field | Required | Default | Description |
|---|---|---|---|
| algorithm | N | AES-256-GCM | Encryption algorithm to use. Valid values: AES-256-GCM or AES-256-CFB |
| encryption_key | Y | - | 32-byte key used for encryption |
| field | Y | - | Field containing the value to be encrypted |
| iv_field | Y | - | Field where the initialization vector will be stored |
| description | N | - | Explanatory note |
| if | N | - | Condition to run |
| ignore_failure | N | false | See Handling Failures |
| ignore_missing | N | false | If true and field doesn't exist, exit quietly |
| on_failure | N | - | See Handling Failures |
| on_success | N | - | See Handling Success |
| tag | N | - | Identifier |
| with_compression | N | false | Enable compression before encryption to reduce data size |

Details

The compression feature provides significant benefits:

  • Storage Efficiency - Reduces encrypted data size by 50-80% for text data, thereby lowering storage costs. It is particularly effective for repetitive content.

  • Performance - Smaller data size means faster transmission, thereby reducing network bandwidth consumption.

Ideal uses are log files with repeating patterns, JSON/XML documents, text-heavy data, and backup data.

warning

Encryption key must be exactly 32 bytes for AES-256. Both the encrypted value and IV are returned as base64 strings. Compression may not be beneficial for already compressed data, e.g. images.

The processor supports two AES-256 modes:

  • AES-256-GCM (Default) - Provides both confidentiality and authenticity. This is more secure against tampering, although slightly slower than the CFB mode.

  • AES-256-CFB - Provides confidentiality. This is faster than the GCM mode, although there is no built-in authentication.
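
What the authentication difference between the two modes means for stored data, as an added Go example (not the processor's own code): one ciphertext bit is changed before decryption, and GCM returns an error while CFB returns altered plaintext without one. The function names, the IV sizes and the use of Go's standard library are assumptions; the key and plaintext are the sample values from this page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var ivLen = map[string]int{"AES-256-GCM": 12, "AES-256-CFB": aes.BlockSize} // assumed IV sizes
// Crypt encrypts (dec=false) or decrypts (dec=true) in with AES-256 in mode alg.
func Crypt(alg string, key, iv, in []byte, dec bool) ([]byte, error) {
	if len(key) != 32 || ivLen[alg] == 0 || len(iv) != ivLen[alg] {
		return nil, fmt.Errorf("%s: unsupported algorithm, key not 32 bytes, or wrong IV size", alg)
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length was checked above
	if alg == "AES-256-GCM" {
		gcm, _ := cipher.NewGCM(block) // cannot fail: AES has a 16-byte block
		if dec {
			return gcm.Open(nil, iv, in, nil) // verifies the tag before releasing any plaintext
		}
		return gcm.Seal(nil, iv, in, nil), nil // ciphertext with a 16-byte tag appended
	}
	out := make([]byte, len(in))
	if dec {
		cipher.NewCFBDecrypter(block, iv).XORKeyStream(out, in) // no integrity check exists here
	} else {
		cipher.NewCFBEncrypter(block, iv).XORKeyStream(out, in)
	}
	return out, nil
}

// TamperRoundTrip encrypts a non-empty pt, flips one ciphertext bit, then decrypts the result.
func TamperRoundTrip(alg string, key, pt []byte) ([]byte, error) {
	iv := make([]byte, ivLen[alg])
	rand.Read(iv) // fresh random IV for every message, from crypto/rand
	ct, err := Crypt(alg, key, iv, pt, false)
	if err != nil {
		return nil, err
	}
	ct[0] ^= 0x01 // simulate modification of the stored ciphertext
	return Crypt(alg, key, iv, ct, true)
}

func main() {
	for alg := range ivLen {
		out, err := TamperRoundTrip(alg, []byte("6B58703273357638792F423F4528482B"), []byte("mysecret123"))
		fmt.Printf("%s: plaintext=%q err=%v\n", alg, out, err)
	}
}
```

When AES-256-CFB is used, modification of the stored value can only be detected by a separate integrity check, such as a MAC computed over the IV and ciphertext.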

note

The processor caches cipher instances for better performance when using the same encryption key multiple times.

Examples

AES-256-GCM

Using the GCM mode...

{
  "password": "mysecret123"
}

encrypt:
- field: password
- iv_field: password_iv
- encryption_key: 6B58703273357638792F423F4528482B
- algorithm: AES-256-GCM

encrypts the sensitive data and IV:

{
  "password": "KZh/JR2baS2MkZpseKZYoBN2tQ==",
  "password_iv": "F+e8YorshrvFiFTC"
}

Compression

Enabling compression for large text data...

{
  "log_data": "2024-01-01 DEBUG User logged in from IP 192.168.1.1\n2024-01-01 DEBUG User logged in from IP 192.168.1.1\n..."
}

encrypt:
- field: log_data
- iv_field: log_iv
- encryption_key: 6B58703273357638792F423F4528482B
- algorithm: AES-256-GCM
- with_compression: true

produces smaller encrypted output:

{
  "log_data": "Yh8dR2S2kZpsMkYoBN2tQ==",
  "log_iv": "K+r8YorvFiFTC"
}

AES-256-CFB

Using the CFB mode...

{
  "message": "sensitive data"
}

encrypt:
- field: message
- iv_field: message_iv
- encryption_key: 6B58703273357638792F423F4528482B
- algorithm: AES-256-CFB

encrypts the data faster:

{
  "message": "vFza",
  "message_iv": "FmXUb0OPOWm1A2kw6diKYw=="
}

Error Handling

Handling missing fields gracefully...

{
  "other_field": "value"
}

encrypt:
- field: missing_field
- iv_field: missing_iv
- encryption_key: 6B58703273357638792F423F4528482B
- ignore_missing: true

continues the processing:

{
  "other_field": "value"
}