Class AzureKmsClient
java.lang.Object
io.confluent.kafka.schemaregistry.encryption.azure.AzureKmsClient
- All Implemented Interfaces:
com.google.crypto.tink.KmsClient
An implementation of KmsClient for Azure KMS.
Field Summary
Fields
Constructor Summary
Constructors
AzureKmsClient(String uri)
    Constructs a specific AzureKmsClient that is bound to a single key identified by uri.
AzureKmsClient(String uri, com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm algorithm)
    Constructs a specific AzureKmsClient that is bound to a single key identified by uri and specified EncryptionAlgorithm.
Method Summary
Modifier and Type, Method, Description:
boolean doesSupport(String uri)
com.google.crypto.tink.Aead getAead(String uri)
    Returns AzureKmsAead for the url provided.
com.google.crypto.tink.KmsClient withCredentials(String credentialPath)
    Loads Azure credentials from a properties file.
com.google.crypto.tink.KmsClient withCredentialsProvider(com.azure.core.credential.TokenCredential provider)
    Loads credentials using provided TokenCredential.
com.google.crypto.tink.KmsClient withCryptographyClient(com.azure.security.keyvault.keys.cryptography.CryptographyClient cryptographyClient)
    Specifies the CryptographyClient object to be used.
com.google.crypto.tink.KmsClient withDefaultCredentials()
    Loads credentials using DefaultAzureCredentialBuilder. Creates default DefaultAzureCredential instance.
Field Details
PREFIX
- See Also:
Constructor Details
AzureKmsClient
public AzureKmsClient()
AzureKmsClient
Constructs a specific AzureKmsClient that is bound to a single key identified by uri.
AzureKmsClient
public AzureKmsClient(String uri, com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm algorithm)
Constructs a specific AzureKmsClient that is bound to a single key identified by uri and specified EncryptionAlgorithm.
- Parameters:
uri - uri
algorithm - algorithm
Method Details
doesSupport
- Specified by:
doesSupport in interface com.google.crypto.tink.KmsClient
- Returns:
withCredentials
public com.google.crypto.tink.KmsClient withCredentials(String credentialPath) throws GeneralSecurityException
Loads Azure credentials from a properties file. Not supported yet.
- Specified by:
withCredentials in interface com.google.crypto.tink.KmsClient
- Throws:
GeneralSecurityException
withDefaultCredentials
Loads credentials using DefaultAzureCredentialBuilder. Creates default DefaultAzureCredential instance. Uses AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID environment variables to create a ClientSecretCredential. If these environment variables are not available, then this will use the Shared MSAL token cache.
- Specified by:
withDefaultCredentials in interface com.google.crypto.tink.KmsClient
- Returns:
KmsClient object
- Throws:
GeneralSecurityException - security exception
withCredentialsProvider
public com.google.crypto.tink.KmsClient withCredentialsProvider(com.azure.core.credential.TokenCredential provider) throws GeneralSecurityException
Loads credentials using provided TokenCredential.
- Returns:
KmsClient object
- Throws:
GeneralSecurityException - security exception
withCryptographyClient
public com.google.crypto.tink.KmsClient withCryptographyClient(com.azure.security.keyvault.keys.cryptography.CryptographyClient cryptographyClient)
Specifies the CryptographyClient object to be used. Only used for testing.
getAead
Returns AzureKmsAead for the url provided.
- Specified by:
getAead in interface com.google.crypto.tink.KmsClient
- Parameters:
uri - azure keyvault key uri
- Returns:
Aead
- Throws:
GeneralSecurityException - security exception
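
An added example, not taken from the Confluent documentation or code base: it binds the client to one key, passes an explicit TokenCredential through withCredentialsProvider instead of relying on the environment-driven withDefaultCredentials chain, and round-trips a data key through the returned Aead. The key URI read from args[0], the choice of ManagedIdentityCredentialBuilder, and the empty associated data are assumptions; running it requires a reachable Key Vault key and an identity allowed to use it.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KmsClient;
import io.confluent.kafka.schemaregistry.encryption.azure.AzureKmsClient;
import java.security.SecureRandom;
import java.util.Arrays;

public class AzureKmsClientExample {
  public static void main(String[] args) throws Exception {
    // Assumption: args[0] is a key URI in the form this client expects
    // (it must match AzureKmsClient.PREFIX, whose value the page does not show).
    String keyUri = args[0];

    // Explicit credential source (assumed: a managed identity). This avoids the
    // withDefaultCredentials() behaviour of reading AZURE_CLIENT_ID /
    // AZURE_CLIENT_SECRET / AZURE_TENANT_ID and otherwise using the shared
    // MSAL token cache, so the identity in use is the one named here.
    TokenCredential credential = new ManagedIdentityCredentialBuilder().build();

    // Bind the client to a single key and reject URIs it does not handle.
    AzureKmsClient azure = new AzureKmsClient(keyUri);
    if (!azure.doesSupport(keyUri)) {
      throw new IllegalArgumentException("key URI not supported by AzureKmsClient");
    }

    KmsClient client = azure.withCredentialsProvider(credential);
    Aead aead = client.getAead(keyUri);

    // Constructed sample: a random 32-byte data-encryption key to wrap.
    byte[] dataKey = new byte[32];
    new SecureRandom().nextBytes(dataKey);

    // Assumption: empty associated data; the page does not say how
    // AzureKmsAead treats this argument.
    byte[] noAssociatedData = new byte[0];
    byte[] wrapped = aead.encrypt(dataKey, noAssociatedData);
    byte[] unwrapped = aead.decrypt(wrapped, noAssociatedData);

    if (!Arrays.equals(dataKey, unwrapped)) {
      throw new IllegalStateException("round trip through Azure KMS did not match");
    }
    System.out.println("wrapped data key length: " + wrapped.length);
  }
}
```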