Skip to content

Latest commit

 

History

History
74 lines (46 loc) · 3.16 KB

README.md

File metadata and controls

74 lines (46 loc) · 3.16 KB

Kafka Messaging End-To-End-Encryption library

Status

Library Maven Central OSS Lifecycle

About

You can use this library to make client side End-To-End-Encryption (E2EE).

For the encryption mechanism we have selected AES256 encryption with GCM mode. A 96 bits (12 bytes) initialization vector and 128 bits (16 bytes) authorization code.

The shared encryption key (256 bits, 32 bytes) is stored in HashiCorp Vault secret. The key is subject of rotation and each encrypted message carries the version number of the key used to encrypt the data.

Features

  • compatible with the internal otto kafka end-to-end encryption specification
  • encryption can be unit tested
  • supports multiple encrypted and/or unencrypted kafka topics with one single serializer and/or deserializer configuration
  • refreshes the vault authentication token when using app-role authentication
  • supports caching of the shared secrets (stored in the vault)
  • when the shared secrets are rotated they will be used with some delay (cache delay)

Usage

Changelog

Third Party Libraries

jopenlibs.github.io Vault Java Driver
Logback

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Commit style

We are using the semantic release plugin that automatically create tags based on the commit message. Therefor you should follow the Angular Commit Message Conventions

TL;DR

## Commit Message styles
fix(<something>): <fix a bug commit message>
feat(<something>): <build a new feature commit message>
docs(<something>): <add documentation commit message (will not create a new tag)>
refactor(<something>): <add refactoring commit message (will not create a new tag)>

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the Apache 2.0 License - see the LICENSE file for details