Package io.confluent.kafka.schemaregistry.encryption

Class FieldEncryptionExecutor

java.lang.Object

io.confluent.kafka.schemaregistry.rules.FieldRuleExecutor

io.confluent.kafka.schemaregistry.encryption.FieldEncryptionExecutor

All Implemented Interfaces:

RuleBase, RuleExecutor, AutoCloseable, org.apache.kafka.common.Configurable

public class FieldEncryptionExecutor
extends FieldRuleExecutor

In envelope encryption, a user generates a data encryption key (DEK) locally, encrypts data with the DEK, sends the DEK to a KMS to be encrypted (with a key managed by KMS - KEK), and then stores the encrypted DEK. At a later point, a user can retrieve the encrypted DEK for the encrypted data, use the KEK from KMS to decrypt the DEK, and use the decrypted DEK to decrypt the data.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	FieldEncryptionExecutor.FieldEncryptionExecutorTransform

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CACHE_EXPIRY_SECS
static final String	CACHE_SIZE
static final String	CLOCK
static final byte[]	EMPTY_AAD
static final String	ENCRYPT_DEK_ALGORITHM
static final String	ENCRYPT_DEK_EXPIRY_DAYS
static final String	ENCRYPT_KEK_NAME
static final String	ENCRYPT_KMS_KEY_ID
static final String	ENCRYPT_KMS_TYPE
static final String	KMS_TYPE_SUFFIX
static final String	TYPE

Fields inherited from class io.confluent.kafka.schemaregistry.rules.FieldRuleExecutor

PRESERVE_SOURCE_FIELDS

Fields inherited from interface io.confluent.kafka.schemaregistry.rules.RuleBase

DEFAULT_NAME

Constructor Summary

Constructors

Constructor	Description
FieldEncryptionExecutor()

Method Summary

Modifier and Type	Method	Description
boolean	addOriginalConfigs()
void	close()
void	configure(Map<String,?> configs)
EncryptionExecutor	getEncryptionExecutor()
FieldEncryptionExecutor.FieldEncryptionExecutorTransform	newTransform(RuleContext ctx)
String	type()

Methods inherited from class io.confluent.kafka.schemaregistry.rules.FieldRuleExecutor

isPreserveSource, transform

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

TYPE

public static final String TYPE

See Also:

• Constant Field Values

ENCRYPT_KEK_NAME

public static final String ENCRYPT_KEK_NAME

See Also:

• Constant Field Values

ENCRYPT_KMS_KEY_ID

public static final String ENCRYPT_KMS_KEY_ID

See Also:

• Constant Field Values

ENCRYPT_KMS_TYPE

public static final String ENCRYPT_KMS_TYPE

See Also:

• Constant Field Values

ENCRYPT_DEK_ALGORITHM

public static final String ENCRYPT_DEK_ALGORITHM

See Also:

• Constant Field Values

ENCRYPT_DEK_EXPIRY_DAYS

public static final String ENCRYPT_DEK_EXPIRY_DAYS

See Also:

• Constant Field Values

KMS_TYPE_SUFFIX

public static final String KMS_TYPE_SUFFIX

See Also:

• Constant Field Values

EMPTY_AAD

public static final byte[] EMPTY_AAD

CACHE_EXPIRY_SECS

public static final String CACHE_EXPIRY_SECS

See Also:

• Constant Field Values

CACHE_SIZE

public static final String CACHE_SIZE

See Also:

• Constant Field Values

CLOCK

public static final String CLOCK

See Also:

• Constant Field Values

Constructor Details

FieldEncryptionExecutor

public FieldEncryptionExecutor()

Method Details

addOriginalConfigs

public boolean addOriginalConfigs()

configure

public void configure(Map<String,?> configs)

Specified by:

configure in interface org.apache.kafka.common.Configurable

Specified by:

configure in interface RuleBase

Overrides:

configure in class FieldRuleExecutor

type

public String type()

getEncryptionExecutor

public EncryptionExecutor getEncryptionExecutor()

newTransform

public FieldEncryptionExecutor.FieldEncryptionExecutorTransform newTransform(RuleContext ctx)
                                                                      throws RuleException

Specified by:

newTransform in class FieldRuleExecutor

Throws:

RuleException

close

public void close()
           throws RuleException

Throws:

RuleException