Package de.otto.kafka.messaging.e2ee.vault

Class VaultEncryptionKeyProvider

java.lang.Object
de.otto.kafka.messaging.e2ee.vault.VaultEncryptionKeyProvider
All Implemented Interfaces:
EncryptionKeyProvider
public final class VaultEncryptionKeyProvider extends Object implements EncryptionKeyProvider

  • Constructor Details

  • Method Details

    • retrieveKeyForEncryption

      public EncryptionKeyProvider.KeyVersion retrieveKeyForEncryption(String kafkaTopicName)
      Specified by:
      retrieveKeyForEncryption in interface EncryptionKeyProvider
      Parameters:
      kafkaTopicName - the name of the topic to encrypt
      Returns:
      a key for encryption or null if encryption is not needed

    • retrieveKeyForDecryption

      public String retrieveKeyForDecryption(String topic, int version)
      Specified by:
      retrieveKeyForDecryption in interface EncryptionKeyProvider
      Parameters:
      topic - the name of the topic to decrypt
      version - the version of the key
      Returns:
      base64 and URL-Encoded encoded key

    • retrieveKeyForDecryption

      public String retrieveKeyForDecryption(String topic, int version, String encryptionKeyAttributeName)
      Specified by:
      retrieveKeyForDecryption in interface EncryptionKeyProvider
      Parameters:
      topic - the name of the topic to decrypt
      version - the version of the key
      encryptionKeyAttributeName - the name of the encryption key within the vault. When null then the default value must be used.
      Returns:
      base64 and URL-Encoded encoded key

    • isEncryptedTopic

      public boolean isEncryptedTopic(String kafkaTopicName)
      Specified by:
      isEncryptedTopic in interface EncryptionKeyProvider
      Parameters:
      kafkaTopicName - the name of the topic
      Returns:
      true when the topic can contain encrypted payloads