如何加密流利的 SQL 插件密码？

Question

. Answers to this question are eligible for a +50 reputation bounty. Mysterious288 is looking for an :

I'm looking for a solution, anyone having best solution will be rewarded with extra points.

Because of security reasons, we can't keep SQL authentication in plain text, is there a way to hide or encrypt passwords?

Bad documentation and bad support from the plugin site, I'm stuck, please help and please don't mention about keeping in environment variables.

Github link: https://github.com/fluent/fluent-plugin-sql

<source>
  @type sql
  @id output_sql
  host "sqlserverhost.aws_region.rds.amazonaws.com"
  database db_name
  adapter sqlserver
  username user
  password pwd   ==============================>>>> This is in plain text
  tag_prefix myrdb # optional, but recommended
  select_interval 60s # optional
  select_limit 500 # optional
  state_file /var/run/fluentd/sql_state
  <table>
    table tbl_name
    update_column insert_timestamp
  </table>
</source>

<match **>
  @type stdout
</match>

Answer 1

I recommend adding the SQL plugin password into your config/credentials.yml.enc which should be able to be accessed as an environmental variable.

unencrypted config/credentials.yml.enc

fluentd:
    password: yourpassword

Then when you need to access the password

Rails.application.credentials.fluentd[:password] 

See more about encryption of secrets and its workflow in this guide: https://blog.corsego.com/ruby-on-rails-6-credentials-full

EDIT: Apologies, I did not read your question thoroughly and did not see the stipulation, " I'm stuck, please help and please don't mention about keeping in environment variables."

I would advocate for using environment variables but perhaps you could provide additional insight on why that solution would not fit your use case.

There is a compelling conversation on an another Stack Overflow question

Is it secure to store passwords as environment variables (rather than as plain text) in config files?