LogSentinel’s API provides mechanism of searching in encrypted details. To be able to do this, you must perform the following 3 steps before sending data to the API:
- Extract parameters and keywords from the payload, by which events will be searchable
- Encrypt payload details with symmetric key. The algorithm must be AES (128 or 256). Important: for better security you should put a random block of 16 bytes in front of plain message before encrypting.
- Encrypt each keyword with the same key as in step 2 and hash it with SHA-256
Make a request to any of the
/api/log/ endpoints with the encrypted payload and parameters and add additional request param
encryptedKeywords with value=comma separated list of all encrypted and hashed keywords.
On the LogSentinel application dashboard page you can provide your key (Base64 encoded), thus enabling both decrypting encrypted details and searching by keywords in it. Note that the key is not sent to the server, so your encrypted details remain secret.
The LogSentinel Collector supports the encryption functionality out of the box. It requires configuring the private key:
privateKey- base64-encoded private key, useful for testing
privateKeyVaultKey- a key to obtain the private key dynamically from HashiCorp Vault
pkcs11Details- a list of properties (
pin) to use network HSMs