This repository has been archived by the owner on Nov 24, 2023. It is now read-only.

DM uses a hard-coded encryption key #659

Closed
sokada1221 opened this issue May 13, 2020 · 2 comments

sokada1221 commented May 13, 2020

Bug Report

Please answer these questions before submitting your issue. Thanks!

  1. What did you do? If possible, provide a recipe for reproducing the error.

Used DM for a database migration, and noticed that it performs encryption without configuring any key. For example,

/ # ./dmctl -encrypt 123456
dezL/wb4mC5ymD0M+5Jy5ECTLCjSfjw=

I had a bad feeling about this, and took a quick look into the encryption code.
AES-CFB-256 is used with a random IV in pkg/encrypt/encrypt.go - this is good.
But the same publicly available key is always used, which defeats the whole point of encryption.

  2. What did you expect to see?

A way to configure encryption key. SetSecretKey function is available but not accessible as a feature.

  3. What did you see instead?

Hard-coded key in pkg/encrypt/encrypt.go

  4. Versions of the cluster

    • DM version (run dmctl -V or dm-worker -V or dm-master -V):

      / # ./dmctl -V
      Release Version: v1.0.5
      Git Commit Hash: a8e9f53f91e29756b09a22cdc37a6a6efcdfe55b
      Git Branch: release-1.0
      UTC Build Time: 2020-04-27 06:56:31
      Go Version: go version go1.13 linux/amd64
      
    • Upstream MySQL/MariaDB server version:

      N/A
      
    • Downstream TiDB cluster version (execute SELECT tidb_version(); in a MySQL client):

      N/A
      
    • How did you deploy DM: DM-Ansible or manually?

      DM-Ansible
      
    • Other interesting information (system version, hardware config, etc):

  5. Current status of DM cluster (execute query-status in dmctl)

N/A

  6. Operation logs

N/A

  7. Configuration of the cluster and the task

N/A

  8. Screenshot/exported-PDF of Grafana dashboard or metrics' graph in Prometheus for DM if possible

N/A
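
The report above in runnable form, as an added example that is neither DM's code nor part of the original issue: AES-256-CFB with a random IV per call, where the only thing separating a reader from the plaintext is the key. The key values, the `LoadKey` helper and the base64(IV || ciphertext) layout are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// builtinKeyHex is a constructed stand-in for a key compiled into a public binary.
const builtinKeyHex = "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"

// LoadKey parses an operator-supplied AES-256 key, hex encoded (assumed config format).
func LoadKey(hexKey string) (cipher.Block, error) {
	key, err := hex.DecodeString(hexKey)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("key must be 32 bytes, hex encoded")
	}
	return aes.NewCipher(key)
}

// Encrypt returns base64(IV || AES-256-CFB(plaintext)) with a fresh random IV.
func Encrypt(block cipher.Block, plaintext []byte) (string, error) {
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return "", err
	}
	cipher.NewCFBEncrypter(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return base64.StdEncoding.EncodeToString(out), nil
}

// Decrypt reverses Encrypt. CFB is unauthenticated: a wrong key gives garbage, not an error.
func Decrypt(block cipher.Block, encoded string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil || len(raw) < aes.BlockSize {
		return nil, fmt.Errorf("malformed ciphertext")
	}
	plain := make([]byte, len(raw)-aes.BlockSize)
	cipher.NewCFBDecrypter(block, raw[:aes.BlockSize]).XORKeyStream(plain, raw[aes.BlockSize:])
	return plain, nil
}

func main() {
	shipped, _ := LoadKey(builtinKeyHex)
	ct, _ := Encrypt(shipped, []byte("123456"))
	plain, _ := Decrypt(shipped, ct) // needs nothing but the public key
	fmt.Printf("%s -> %s\n", ct, plain)
}
```

A value encrypted under a key passed through `LoadKey` from protected configuration does not decrypt under `builtinKeyHex`, which is the separation the issue asks for.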

@csuzhangxc
Member

@shinnosuke-okada We plan to support (and recommend) plaintext in #633.

"A way to configure encryption key" seems not easy to use.

@csuzhangxc
Member

We already support plaintext from v1.0.6.
