Fluent::Plugin::Jwt::Filter
Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key). This plugin uses json-jwt to encrypt/decrypt messages.
Installation
Add this line to your application's Gemfile:
gem 'fluent-plugin-jwt-filter'
And then execute:
bundle
Or install it yourself as:
gem install fluent-plugin-jwt-filter
Usage
fluent-plugin-jwt-filter provides encryption and decryption of messages.
<filter test>
@type jwt
method encrypt
</filter>
Encryption or decryption is selected with the method option.
Encryption
In the following example, input from the in_tail plugin is encrypted by jwt-filter and then sent out by the out_forward plugin.
<source>
@type tail
path /tmp/test.log
pos_file /tmp/test.log.pos
tag test
format json
</source>
<filter test>
@type jwt
method encrypt
</filter>
<match test>
@type forward
<server>
host ::1
port 24224
</server>
</match>
For encryption, the following options are available.
- jwk_pub_file: the name of the file that holds the public key of a JSON Web Key (JWK). JWK public and private keys can be easily generated by jwk_tool.
- block_cipher_alg: the algorithm used to encrypt the contents. A block cipher encrypts the contents, and the block cipher's symmetric key is in turn encrypted with the key encryption algorithm. Currently json-jwt supports A128GCM, A256GCM, A128CBC-HS256 and A256CBC-HS512 (default: A128GCM; requires "ruby > 2.0.0").
- key_encryption_alg: the algorithm used to encrypt the block cipher's encryption key. A public-key algorithm is normally assumed. If the JWK is created as a symmetric key, this option is not required (default RSA1_5).
@type jwt
jwk_pub_file fluent/key.pub
block_cipher_alg A128GCM
key_encryption_alg RSA1_5
Decryption
In the following example, input from the in_forward plugin is decrypted by jwt-filter and then printed by the out_stdout plugin.
<source>
@type forward
port 24224
bind ::1
</source>
<filter test>
@type jwt
method decrypt
</filter>
<match test>
@type stdout
</match>
For decryption, the following options are available.
config_param :method, :string, :default => "encrypt"
config_param :jwk_file, :string, :default => "key"
- jwk_file: the name of the file that holds the private key of a JSON Web Key (JWK). As mentioned in the Encryption section, JWK public and private keys can be easily generated by jwk_tool.
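The two-layer scheme behind block_cipher_alg and key_encryption_alg, shown with the defaults named above (A128GCM and RSA1_5) as an added example; it is not code from this plugin or from json-jwt. It uses only Ruby's standard OpenSSL bindings, the helper names are hypothetical, and the key and record are constructed for the demonstration.

```ruby
require "openssl"
require "json"
require "base64"

# Added illustration: helper names are hypothetical, not the plugin's or json-jwt's API.
# base64url without padding, as JWE compact serialization uses (RFC 7516)
def b64u(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# A fresh AES key (CEK) encrypts the record; the RSA public key encrypts only the CEK.
def jwe_encrypt(record, rsa_public)
  header = b64u(JSON.generate({ "alg" => "RSA1_5", "enc" => "A128GCM" }))
  cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
  cek = cipher.random_key
  iv = cipher.random_iv                 # 96-bit IV for GCM
  cipher.auth_data = header             # protected header is the GCM AAD
  ciphertext = cipher.update(JSON.generate(record)) + cipher.final
  wrapped_cek = rsa_public.public_encrypt(cek) # RSAES-PKCS1-v1_5 (RSA1_5)
  [header, b64u(wrapped_cek), b64u(iv), b64u(ciphertext), b64u(cipher.auth_tag)].join(".")
end

# Reverse the steps; pin the algorithms instead of trusting the received header.
def jwe_decrypt(token, rsa_private)
  header, *rest = token.split(".")
  raise ArgumentError, "expected 5 parts" unless rest.size == 4
  wrapped_cek, iv, ciphertext, tag = rest.map { |p| Base64.urlsafe_decode64(p) }
  algs = JSON.parse(Base64.urlsafe_decode64(header)).values_at("alg", "enc")
  raise ArgumentError, "unexpected algorithms" unless algs == %w[RSA1_5 A128GCM]
  raise ArgumentError, "bad tag length" unless tag.bytesize == 16
  cipher = OpenSSL::Cipher.new("aes-128-gcm").decrypt
  cipher.key = rsa_private.private_decrypt(wrapped_cek)
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = header
  JSON.parse(cipher.update(ciphertext) + cipher.final) # final raises if tampered
end

# Constructed demo key and record (not taken from the plugin)
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
DEMO_RECORD = { "message" => "login ok", "user" => "alice" }
puts jwe_encrypt(DEMO_RECORD, DEMO_KEY.public_key)
```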