feat: add security conf

[WqyJh]

A simple method for config encrypt/decrypt.

Add conf.SecurityConf to your Config.

import (
	"github.com/zeromicro/go-zero/rest"
	"github.com/zeromicro/go-zero/core/conf"
)
type Config struct {
	rest.RestConf
 	Security conf.SecurityConf
 	SensitiveKey string
 	SensitiveValue string
}

Use the following code to encrypt your sensitive data, and replace the plain string in your config with the encrypted string.

var (
	key = "12345678"
)

func TestEncrypt(t *testing.T) {
	plain := "sensitive_key"
	encrypted, err := confcrypt.EncryptString(plain, key)
	assert.NoError(t, err)
	t.Logf("encrypted: '%s'", encrypted) // encrypted: ENC~i1eiPez4IICS/iA+zIEyDk3UHQz9enP+kHG3X/LCJixtgEw4i3o=
}

This is the config file.

Security:
  Enable: true
  Env: MY_SECRET_KEY

SensitiveKey: ENC~i1eiPez4IICS/iA+zIEyDk3UHQz9enP+kHG3X/LCJixtgEw4i3o=
SensitiveValue: ENC~KWLH5csxSeG3zgPMFYmgIslTrPaWUfZsLaAkJ9z9zwf6LXyHh5ddYeO5sCRH8xeLOXGWUaA=

Use conf.SecurityLoad or conf.SecurityMustLoad instead of conf.Load or conf.MustLoad.

Start the service with environment variable of you secret key.

export MY_SECRET_KEY=mysecretkey

All of the string config starts with ENC~ would be decrypted.