otto-de/kafka-messaging-e2ee

Kafka Messaging End-To-End-Encryption library

About

You can use this library to implement client-side end-to-end encryption (E2EE) for Kafka messages.

For the encryption mechanism we have selected AES-256 in GCM mode, with a 96-bit (12-byte) initialization vector and a 128-bit (16-byte) authentication tag.

The shared encryption key (256 bits, 32 bytes) is stored as a HashiCorp Vault secret. The key is subject to rotation, and each encrypted message carries the version number of the key used to encrypt the data.
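
The scheme described above (AES-256-GCM, 96-bit IV, 128-bit tag, key version carried with each message), as an added example that is not code from this library. The envelope layout, the class and method names, and the in-memory key map standing in for Vault are assumptions for illustration; the wire format of the otto specification is not shown on this page.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;

public class VersionedGcmExample {
    static final int IV_BYTES = 12, TAG_BITS = 128; // 96-bit IV, 128-bit authentication tag
    static final SecureRandom RNG = new SecureRandom();

    // Builds the cipher for one message; the key version is bound as AAD so it cannot be altered unnoticed.
    static Cipher gcm(int mode, byte[] key, byte[] iv, int version) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(ByteBuffer.allocate(4).putInt(version).array());
        return c;
    }

    // Assumed envelope (hypothetical layout): [4-byte key version][12-byte IV][ciphertext || 16-byte tag]
    static byte[] encrypt(int version, byte[] key, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv); // fresh random IV per message; never reuse an IV under the same key
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, iv, version).doFinal(plaintext);
        return ByteBuffer.allocate(4 + IV_BYTES + ct.length).putInt(version).put(iv).put(ct).array();
    }

    // Looks up the key by the version in the envelope, so messages written before a rotation stay readable.
    static byte[] decrypt(Map<Integer, byte[]> keys, byte[] envelope) throws GeneralSecurityException {
        if (envelope.length < 4 + IV_BYTES + TAG_BITS / 8) throw new GeneralSecurityException("envelope too short");
        ByteBuffer buf = ByteBuffer.wrap(envelope);
        int version = buf.getInt();
        byte[] key = keys.get(version);
        if (key == null) throw new GeneralSecurityException("unknown key version " + version);
        byte[] iv = new byte[IV_BYTES];
        buf.get(iv);
        byte[] ct = new byte[buf.remaining()];
        buf.get(ct);
        return gcm(Cipher.DECRYPT_MODE, key, iv, version).doFinal(ct); // AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        byte[] k1 = new byte[32], k2 = new byte[32]; // constructed 256-bit keys, versions 1 and 2
        RNG.nextBytes(k1); RNG.nextBytes(k2);
        Map<Integer, byte[]> keys = Map.of(1, k1, 2, k2);
        byte[] old = encrypt(1, k1, "order-4711".getBytes(StandardCharsets.UTF_8)); // written before rotation
        System.out.println(new String(decrypt(keys, old), StandardCharsets.UTF_8));
        old[old.length - 1] ^= 1; // flip one bit of the tag
        try { decrypt(keys, old); } catch (AEADBadTagException e) { System.out.println("rejected: tampered"); }
    }
}
```

A consumer has to keep earlier key versions available for as long as messages encrypted under them can still be read from the topic.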

Features

  • compatible with the internal otto kafka end-to-end encryption specification
  • encryption can be unit tested
  • supports multiple encrypted and/or unencrypted kafka topics with one single serializer and/or deserializer configuration
  • refreshes the vault authentication token when using app-role authentication
  • supports caching of the shared secrets (stored in the vault)
  • when the shared secrets are rotated, the new secrets are used only after some delay (cache delay)

Usage

Changelog

Third Party Libraries

jopenlibs.github.io Vault Java Driver
Logback

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Commit style

We are using the semantic release plugin, which automatically creates tags based on the commit message. Therefore you should follow the Angular Commit Message Conventions.

TL;DR

## Commit Message styles
fix(<something>): <fix a bug commit message>
feat(<something>): <build a new feature commit message>
docs(<something>): <add documentation commit message (will not create a new tag)>
refactor(<something>): <add refactoring commit message (will not create a new tag)>

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the Apache 2.0 License; see the LICENSE file for details.