Support KMS encryption context in the Kafka buffer's encryption #3484

Closed
dlvenable opened this issue Oct 11, 2023 · 0 comments · Fixed by #3486

dlvenable commented Oct 11, 2023

Is your feature request related to a problem? Please describe.

The Kafka buffer can now decrypt an envelope encryption key using KMS. However, sometimes, we want to decrypt with an encryption context.

Describe the solution you'd like

Add support for KMS encryption context in the configuration. Use this value when sending the kms:Decrypt request.

buffer:
  kafka:
    topics:
      - name: MyTopic
        encryption_key: AQIDAHhBQ4iH7RP28kWDRU1yN2K73qYEE2d8i06EBly7HoDSIwFXoO+oiW+HOlam8lfIUFwLAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/j9Uf9cxYv/poV0FAgEQgDuVG9jfls3Ys7dR/cRKmdkcYDJw/XzR/ZEnZwcT9e+XB1T+SxC0YHLtc33lRwoD/UV0Ot+y8oUBqMvaXg==
        kms:
          key_id: alias/ExampleAlias
          encryption_context:
            mykey1: myvalue1
            mykey2: myvalue2
            mykey3: myvalue3

Additionally, we can move the kms_key_id into a new kms section.

Describe alternatives you've considered (Optional)

Add a new field: kms_encryption_key. But, this list of kms_ prefix options could grow.

Additional context

Kafka buffer issue for encryption/decryption and KMS: #3422

@dlvenable dlvenable added the enhancement New feature or request label Oct 11, 2023
@dlvenable dlvenable self-assigned this Oct 11, 2023
@dlvenable dlvenable added this to the v2.6 milestone Oct 11, 2023
dlvenable added a commit to dlvenable/data-prepper that referenced this issue Oct 11, 2023
…oves the kms_key_id into a new kms section along with encryption_context. Resolves opensearch-project#3484

Signed-off-by: David Venable <[email protected]>
dlvenable added a commit that referenced this issue Oct 12, 2023
…oves the kms_key_id into a new kms section along with encryption_context. Resolves #3484 (#3486)

Signed-off-by: David Venable <[email protected]>
@github-project-automation github-project-automation bot moved this from Unplanned to Done in Data Prepper Tracking Board Oct 12, 2023
@dlvenable dlvenable modified the milestones: v2.6, v2.7 Nov 1, 2023
@dlvenable dlvenable modified the milestones: v2.7, v2.6 Nov 28, 2023
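
The requested behaviour, as an added Python example that is not code from this issue or from Data Prepper: it maps the proposed `kms` section onto kms:Decrypt parameters (boto3 parameter names) and shows that decryption succeeds only when the configured encryption context matches the one bound at encryption time. `build_decrypt_request`, `decrypt_data_key` and `FakeKms` are hypothetical names, and the topic config and key material are constructed.

```python
import base64

# Constructed topic config in the shape proposed above; encryption_key is a
# placeholder blob, not a real KMS ciphertext.
TOPIC = {
    "name": "MyTopic",
    "encryption_key": base64.b64encode(b"constructed-wrapped-key").decode(),
    "kms": {
        "key_id": "alias/ExampleAlias",
        "encryption_context": {"mykey1": "myvalue1", "mykey2": "myvalue2"},
    },
}

def build_decrypt_request(topic):
    """Map a topic's kms section to kms:Decrypt parameters (boto3 names)."""
    kms = topic.get("kms") or {}
    request = {
        "CiphertextBlob": base64.b64decode(topic["encryption_key"], validate=True)
    }
    if kms.get("key_id"):
        request["KeyId"] = kms["key_id"]
    context = kms.get("encryption_context") or {}
    for key, value in context.items():
        # KMS takes string-to-string pairs; YAML would parse `mykey1: 1` as int.
        if not isinstance(key, str) or not isinstance(value, str):
            raise ValueError(f"encryption_context[{key!r}] must be a string")
    if context:
        request["EncryptionContext"] = dict(context)
    return request

class FakeKms:
    """Hypothetical offline stand-in for a KMS client: like the real service,
    it decrypts only when the supplied context equals the one used to encrypt."""
    def __init__(self, bound_context, data_key):
        self.bound_context, self.data_key = bound_context, data_key

    def decrypt(self, CiphertextBlob, KeyId=None, EncryptionContext=None):
        if (EncryptionContext or {}) != self.bound_context:
            raise PermissionError("InvalidCiphertextException (simulated)")
        return {"Plaintext": self.data_key}

def decrypt_data_key(topic, kms_client):
    """Unwrap the envelope key with whatever client the caller supplies."""
    return kms_client.decrypt(**build_decrypt_request(topic))["Plaintext"]
```

With a real boto3 KMS client passed as `kms_client`, the same request dictionary is what reaches the service.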