We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is your feature request related to a problem? Please describe.
The Kafka buffer can now decrypt an envelope encryption key using KMS. However, sometimes, we want to decrypt with an encryption context.
Describe the solution you'd like
Add support for KMS encryption context in the configuration. Use this value when sending the kms:Decrypt request.
kms:Decrypt
buffer: kafka: topics: - name: MyTopic encryption_key: AQIDAHhBQ4iH7RP28kWDRU1yN2K73qYEE2d8i06EBly7HoDSIwFXoO+oiW+HOlam8lfIUFwLAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/j9Uf9cxYv/poV0FAgEQgDuVG9jfls3Ys7dR/cRKmdkcYDJw/XzR/ZEnZwcT9e+XB1T+SxC0YHLtc33lRwoD/UV0Ot+y8oUBqMvaXg== kms: key_id: alias/ExampleAlias encryption_context: mykey1: myvalue1 mykey2: myvalue2 mykey3: myvalue3
Additionally, we can move the kms_key_id into a new kms section.
kms_key_id
kms
Describe alternatives you've considered (Optional)
Add a new field: kms_encryption_key. But, this list of kms_ prefix options could grow.
kms_encryption_key
kms_
Additional context
Kafka buffer issue for encryption/decryption and KMS: #3422
The text was updated successfully, but these errors were encountered:
Adds KMS encryption_context for KMS encryption in the Kafka buffer. M…
6da8659
…oves the kms_key_id into a new kms section along with encryption_context. Resolves opensearch-project#3484 Signed-off-by: David Venable <[email protected]>
b4b4a98
…oves the kms_key_id into a new kms section along with encryption_context. Resolves #3484 (#3486) Signed-off-by: David Venable <[email protected]>
dlvenable
Successfully merging a pull request may close this issue.
Is your feature request related to a problem? Please describe.
The Kafka buffer can now decrypt an envelope encryption key using KMS. However, sometimes, we want to decrypt with an encryption context.
Describe the solution you'd like
Add support for KMS encryption context in the configuration. Use this value when sending the
kms:Decrypt
request.Additionally, we can move the
kms_key_id
into a newkms
section.Describe alternatives you've considered (Optional)
Add a new field:
kms_encryption_key
. But, this list ofkms_
prefix options could grow.Additional context
Kafka buffer issue for encryption/decryption and KMS: #3422
The text was updated successfully, but these errors were encountered: