public class DekRegistry extends Object implements Closeable
| Modifier and Type | Field and Description |
|---|---|
| static String | AWS_KMS |
| static String | AZURE_KMS |
| static byte[] | EMPTY_AAD |
| static String | GCP_KMS |
| static String | KEY |
| static int | LATEST_VERSION |
| static int | MIN_VERSION |
| static String | X_FORWARD_HEADER |
| Constructor and Description |
|---|
| DekRegistry(SchemaRegistry schemaRegistry, MetricsManager metricsManager) |
| Modifier and Type | Method and Description |
|---|---|
| void | close() |
| DekRegistryConfig | config() |
| protected <K,V> io.kcache.Cache<K,V> | createCache(org.apache.kafka.common.serialization.Serde<K> keySerde, org.apache.kafka.common.serialization.Serde<V> valueSerde, String topic, io.kcache.CacheUpdateHandler<K,V> cacheUpdateHandler) |
| DataEncryptionKey | createDek(String kekName, boolean rewrap, CreateDekRequest request) |
| Dek | createDekOrForward(String kekName, boolean rewrap, CreateDekRequest request, Map<String,String> headerProperties) |
| KeyEncryptionKey | createKek(CreateKekRequest request) |
| Kek | createKekOrForward(CreateKekRequest request, Map<String,String> headerProperties) |
| void | deleteDek(String name, String subject, DekFormat algorithm, boolean permanentDelete) |
| void | deleteDekOrForward(String name, String subject, DekFormat algorithm, boolean permanentDelete, Map<String,String> headerProperties) |
| void | deleteDekVersion(String name, String subject, int version, DekFormat algorithm, boolean permanentDelete) |
| void | deleteDekVersionOrForward(String name, String subject, int version, DekFormat algorithm, boolean permanentDelete, Map<String,String> headerProperties) |
| void | deleteKek(String name, boolean permanentDelete) |
| void | deleteKekOrForward(String name, boolean permanentDelete, Map<String,String> headerProperties) |
| protected DataEncryptionKey | generateEncryptedDek(KeyEncryptionKey kek, DataEncryptionKey key) |
| protected DataEncryptionKey | generateRawDek(KeyEncryptionKey kek, DataEncryptionKey key) |
| protected com.google.crypto.tink.Aead | getAead(KeyEncryptionKey kek) |
| protected Cryptor | getCryptor(DekFormat dekFormat) |
| DataEncryptionKey | getDek(String kekName, String subject, int version, DekFormat algorithm, boolean lookupDeleted) |
| protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> | getDeks(String tenant, boolean lookupDeleted) |
| protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> | getDeks(String tenant, String kekName, boolean lookupDeleted) |
| protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> | getDeks(String tenant, String minKekName, String maxKekName, boolean lookupDeleted) |
| protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> | getDeks(String tenant, String kekName, String subject, DekFormat algorithm, boolean lookupDeleted) |
| List<String> | getDekSubjects(String kekName, boolean lookupDeleted) |
| List<Integer> | getDekVersions(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted) |
| KeyEncryptionKey | getKek(String name, boolean lookupDeleted) |
| List<String> | getKekNames(List<String> subjectPrefix, boolean lookupDeleted) |
| protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> | getKeks(String tenant, boolean lookupDeleted) |
| DataEncryptionKey | getLatestDek(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted) |
| MetricsManager | getMetricsManager() |
| KafkaSchemaRegistry | getSchemaRegistry() |
| protected com.google.common.collect.SetMultimap<String,KeyEncryptionKeyId> | getSharedKeys() |
| void | init() |
| boolean | initialized() |
| boolean | isLeader() |
| io.kcache.Cache<EncryptionKeyId,EncryptionKey> | keys() |
| protected Lock | lockFor(String tenant) |
| KeyEncryptionKey | putKek(String name, UpdateKekRequest request) |
| Kek | putKekOrForward(String name, UpdateKekRequest request, Map<String,String> headerProperties) |
| void | testKek(KeyEncryptionKey kek) |
| Kek | toKekEntity(KeyEncryptionKey kek) |
| void | undeleteDek(String name, String subject, DekFormat algorithm) |
| void | undeleteDekOrForward(String name, String subject, DekFormat algorithm, Map<String,String> headerProperties) |
| void | undeleteDekVersion(String name, String subject, int version, DekFormat algorithm) |
| void | undeleteDekVersionOrForward(String name, String subject, int version, DekFormat algorithm, Map<String,String> headerProperties) |
| void | undeleteKek(String name) |
| void | undeleteKekOrForward(String name, Map<String,String> headerProperties) |
| void | waitForInit() |
public static final String KEY
public static final int LATEST_VERSION
public static final int MIN_VERSION
public static final byte[] EMPTY_AAD
public static final String X_FORWARD_HEADER
public static final String AWS_KMS
public static final String AZURE_KMS
public static final String GCP_KMS
@Inject public DekRegistry(SchemaRegistry schemaRegistry, MetricsManager metricsManager)
public KafkaSchemaRegistry getSchemaRegistry()
public MetricsManager getMetricsManager()
protected <K,V> io.kcache.Cache<K,V> createCache(org.apache.kafka.common.serialization.Serde<K> keySerde,
org.apache.kafka.common.serialization.Serde<V> valueSerde,
String topic,
io.kcache.CacheUpdateHandler<K,V> cacheUpdateHandler)
throws io.kcache.exceptions.CacheInitializationException
Throws: io.kcache.exceptions.CacheInitializationException

public io.kcache.Cache<EncryptionKeyId,EncryptionKey> keys()
public DekRegistryConfig config()
protected com.google.common.collect.SetMultimap<String,KeyEncryptionKeyId> getSharedKeys()
@PostConstruct public void init()
public void waitForInit()
throws InterruptedException
Throws: InterruptedException

public boolean initialized()
public boolean isLeader()
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getKeks(String tenant, boolean lookupDeleted)
public KeyEncryptionKey getKek(String name, boolean lookupDeleted)
public Kek toKekEntity(KeyEncryptionKey kek)
public List<Integer> getDekVersions(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted)
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeks(String tenant, boolean lookupDeleted)
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeks(String tenant, String kekName, boolean lookupDeleted)
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeks(String tenant, String minKekName, String maxKekName, boolean lookupDeleted)
protected List<io.kcache.KeyValue<EncryptionKeyId,EncryptionKey>> getDeks(String tenant, String kekName, String subject, DekFormat algorithm, boolean lookupDeleted)
public DataEncryptionKey getLatestDek(String kekName, String subject, DekFormat algorithm, boolean lookupDeleted) throws SchemaRegistryException
Throws: SchemaRegistryException

public DataEncryptionKey getDek(String kekName, String subject, int version, DekFormat algorithm, boolean lookupDeleted) throws SchemaRegistryException
Throws: SchemaRegistryException

public Kek createKekOrForward(CreateKekRequest request, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public KeyEncryptionKey createKek(CreateKekRequest request) throws SchemaRegistryException
Throws: SchemaRegistryException

public void testKek(KeyEncryptionKey kek) throws SchemaRegistryException
Throws: SchemaRegistryException

public Dek createDekOrForward(String kekName, boolean rewrap, CreateDekRequest request, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public DataEncryptionKey createDek(String kekName, boolean rewrap, CreateDekRequest request) throws SchemaRegistryException
Throws: SchemaRegistryException

protected DataEncryptionKey generateEncryptedDek(KeyEncryptionKey kek, DataEncryptionKey key) throws DekGenerationException
Throws: DekGenerationException

protected DataEncryptionKey generateRawDek(KeyEncryptionKey kek, DataEncryptionKey key) throws DekGenerationException
Throws: DekGenerationException

protected com.google.crypto.tink.Aead getAead(KeyEncryptionKey kek) throws GeneralSecurityException
Throws: GeneralSecurityException

public Kek putKekOrForward(String name, UpdateKekRequest request, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public KeyEncryptionKey putKek(String name, UpdateKekRequest request) throws SchemaRegistryException
Throws: SchemaRegistryException

public void deleteKekOrForward(String name, boolean permanentDelete, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public void deleteKek(String name, boolean permanentDelete) throws SchemaRegistryException
Throws: SchemaRegistryException

public void deleteDekOrForward(String name, String subject, DekFormat algorithm, boolean permanentDelete, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public void deleteDek(String name, String subject, DekFormat algorithm, boolean permanentDelete) throws SchemaRegistryException
Throws: SchemaRegistryException

public void deleteDekVersionOrForward(String name, String subject, int version, DekFormat algorithm, boolean permanentDelete, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public void deleteDekVersion(String name, String subject, int version, DekFormat algorithm, boolean permanentDelete) throws SchemaRegistryException
Throws: SchemaRegistryException

public void undeleteKekOrForward(String name, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public void undeleteKek(String name) throws SchemaRegistryException
Throws: SchemaRegistryException

public void undeleteDekOrForward(String name, String subject, DekFormat algorithm, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public void undeleteDek(String name, String subject, DekFormat algorithm) throws SchemaRegistryException
Throws: SchemaRegistryException

public void undeleteDekVersionOrForward(String name, String subject, int version, DekFormat algorithm, Map<String,String> headerProperties) throws SchemaRegistryException
Throws: SchemaRegistryException

public void undeleteDekVersion(String name, String subject, int version, DekFormat algorithm) throws SchemaRegistryException
Throws: SchemaRegistryException

@PreDestroy public void close() throws IOException
Specified by: close in interface Closeable; close in interface AutoCloseable
Throws: IOException

Copyright © 2026 Confluent, Inc. All rights reserved.