Package io.confluent.kafka.schemaregistry.encryption.aws

Class AwsKmsDriver

java.lang.Object

io.confluent.kafka.schemaregistry.encryption.aws.AwsKmsDriver

All Implemented Interfaces:

KmsDriver

public class AwsKmsDriver
extends Object
implements KmsDriver

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ACCESS_KEY_ID
static final String	AWS_ROLE_ARN
static final String	AWS_ROLE_EXTERNAL_ID
static final String	AWS_ROLE_SESSION_NAME
static final String	PROFILE
static final String	ROLE_ARN
static final String	ROLE_EXTERNAL_ID
static final String	ROLE_SESSION_NAME
static final String	SECRET_ACCESS_KEY

Fields inherited from interface io.confluent.kafka.schemaregistry.encryption.tink.KmsDriver

KMS_TYPE_SUFFIX, TEST_CLIENT

Constructor Summary

Constructors

Constructor	Description
AwsKmsDriver()

Method Summary

Modifier and Type	Method	Description
String	getKeyUrlPrefix()
static software.amazon.awssdk.regions.Region	getRegionFromKeyId(String keyId)
com.google.crypto.tink.KmsClient	newKmsClient(Map<String,?> configs, Optional<String> kekUrl)
protected static com.google.crypto.tink.KmsClient	newKmsClientWithAwsKms(Optional<String> keyUri, Optional<software.amazon.awssdk.auth.credentials.AwsCredentialsProvider> credentials, software.amazon.awssdk.services.kms.KmsClient awsKms)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.confluent.kafka.schemaregistry.encryption.tink.KmsDriver

doesSupport, getKmsClient, getTestClient, registerKmsClient

Field Details

ACCESS_KEY_ID

public static final String ACCESS_KEY_ID

See Also:

• Constant Field Values

SECRET_ACCESS_KEY

public static final String SECRET_ACCESS_KEY

See Also:

• Constant Field Values

PROFILE

public static final String PROFILE

See Also:

• Constant Field Values

ROLE_ARN

public static final String ROLE_ARN

See Also:

• Constant Field Values

ROLE_SESSION_NAME

public static final String ROLE_SESSION_NAME

See Also:

• Constant Field Values

ROLE_EXTERNAL_ID

public static final String ROLE_EXTERNAL_ID

See Also:

• Constant Field Values

AWS_ROLE_ARN

public static final String AWS_ROLE_ARN

See Also:

• Constant Field Values

AWS_ROLE_SESSION_NAME

public static final String AWS_ROLE_SESSION_NAME

See Also:

• Constant Field Values

AWS_ROLE_EXTERNAL_ID

public static final String AWS_ROLE_EXTERNAL_ID

See Also:

• Constant Field Values

Constructor Details

AwsKmsDriver

public AwsKmsDriver()

Method Details

getKeyUrlPrefix

public String getKeyUrlPrefix()

Specified by:

getKeyUrlPrefix in interface KmsDriver

getRegionFromKeyId

public static software.amazon.awssdk.regions.Region getRegionFromKeyId(String keyId)

newKmsClient

public com.google.crypto.tink.KmsClient newKmsClient(Map<String,?> configs,
 Optional<String> kekUrl)
                                              throws GeneralSecurityException

Specified by:

newKmsClient in interface KmsDriver

Throws:

GeneralSecurityException

newKmsClientWithAwsKms

protected static com.google.crypto.tink.KmsClient newKmsClientWithAwsKms(Optional<String> keyUri,
 Optional<software.amazon.awssdk.auth.credentials.AwsCredentialsProvider> credentials,
 software.amazon.awssdk.services.kms.KmsClient awsKms)
                                                                  throws GeneralSecurityException

Throws:

GeneralSecurityException