From e8b54dfe6abacecf788c1d88a37e58d50e0f5c3c Mon Sep 17 00:00:00 2001
From: Firas Medini
Date: Wed, 1 Oct 2025 11:43:37 +0200
Subject: [PATCH] Add support for setting encryption configs
---
 charts/apisix/Chart.yaml | 2 +-
 charts/apisix/templates/configmap.yaml | 10 ++++++++++
 charts/apisix/values.yaml | 9 +++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/charts/apisix/Chart.yaml b/charts/apisix/Chart.yaml
index bbbea041..d4ed0235 100644
--- a/charts/apisix/Chart.yaml
+++ b/charts/apisix/Chart.yaml
@@ -31,7 +31,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.11.6
+version: 2.11.7
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 18e3ad4d..edf09e17 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -44,6 +44,16 @@ data:
 {{- end }}
 {{- else }}
 apisix: # universal configurations
+ {{- if .Values.apisix.encryption }}
+ data_encryption: # Data encryption settings
+ enable_encrypt_fields: {{ .Values.apisix.encryption.enabled }}
+ {{- if and .Values.apisix.encryption.keyring (gt (len .Values.apisix.encryption.keyring) 0) }}
+ keyring:
+ {{- range $key := .Values.apisix.encryption.keyring }}
+ - {{ $key | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
 {{- if not (eq .Values.apisix.deployment.role "control_plane") }}
 node_listen: # APISIX listening port
 - {{ .Values.service.http.containerPort }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index de5ad506..1563d46f 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
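Review bot: The `keyring` entries added under `data_encryption` in charts/apisix/templates/configmap.yaml are rendered in clear text into the ConfigMap's `data:`, so the keys that protect APISIX's encrypted fields become readable by anyone allowed to read ConfigMaps in the namespace, and they are also kept in the release's Helm values. ConfigMaps are usually covered by looser RBAC than Secrets, so I would have the chart take the keyring from a Secret (or from an environment-variable reference, if the targeted APISIX version accepts one in config.yaml) instead of inlining `.Values.apisix.encryption.keyring`. Until that exists, a template comment such as `# keyring is rendered in clear text into this ConfigMap; restrict who can read it` would at least make the exposure visible to operators. The surrounding `apisix:` section starts and continues outside this hunk, so how the rest of the config is protected is not visible here.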
@@ -584,6 +584,15 @@ apisix:
 ip: "0.0.0.0"
 port: 7085
+ # -- Data encryption settings.
+ encryption:
+ # -- Enable or disable the encryption feature.
+ enabled: true
+ # -- The keyring used for encryption and decryption of sensitive data.
+ # leave empty to use the default keyring.
+ keyring: []
+ # - "0123456789abcdef"
+
 # -- external etcd configuration. If etcd.enabled is false, these configuration will be used.
 externalEtcd:
 # -- if etcd.enabled is false, use external etcd, support multiple address, if your etcd cluster enables TLS, please use https scheme, e.g. https://127.0.0.1:2379.
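Review bot: The comment `leave empty to use the default keyring` on `keyring` (inside the `apisix:` mapping, which starts above the hunk) should warn that, with `enabled: true` as the default, an empty list leaves field encryption on APISIX's built-in keyring. That keyring ships in the project's public default configuration, so it gives no real protection against someone who can read etcd. I would reword it to something like `# leave empty to fall back to APISIX's built-in (publicly known) keyring; set your own keys for production`. As far as I know APISIX expects 16-character entries, encrypts with the first one and uses the others only for decryption, which deserves a line because it governs key rotation; please confirm against the targeted APISIX version. The commented sample `"0123456789abcdef"` should also be labelled as a placeholder so it is not copied as a real key.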