Package org.apache.iceberg.azure.keymanagement

Class AzureKeyManagementClient

java.lang.Object

org.apache.iceberg.azure.keymanagement.AzureKeyManagementClient

All Implemented Interfaces:

Closeable, Serializable, AutoCloseable, KeyManagementClient

public class AzureKeyManagementClient
extends Object
implements KeyManagementClient

Azure key management client which connects to Azure Key Vault.

See Also:

• Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.iceberg.encryption.KeyManagementClient

KeyManagementClient.KeyGenerationResult

Constructor Summary

Constructors

Constructor	Description
AzureKeyManagementClient()

Method Summary

Modifier and Type	Method	Description
void	initialize(Map<String,String> properties)	Initialize the KMS client with given properties.
ByteBuffer	unwrapKey(ByteBuffer wrappedKey, String wrappingKeyId)	Unwrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID.
ByteBuffer	wrapKey(ByteBuffer key, String wrappingKeyId)	Wrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.iceberg.encryption.KeyManagementClient

close, generateKey, supportsKeyGeneration

Constructor Details

AzureKeyManagementClient

public AzureKeyManagementClient()

Method Details

initialize

public void initialize(Map<String,String> properties)

Description copied from interface: KeyManagementClient

Initialize the KMS client with given properties.

Specified by:

initialize in interface KeyManagementClient

Parameters:

properties - kms client properties

wrapKey

public ByteBuffer wrapKey(ByteBuffer key,
 String wrappingKeyId)

Description copied from interface: KeyManagementClient

Wrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID. Wrapping means encryption of the secret key with the master key, and adding optional KMS-specific metadata that allows the KMS to decrypt the secret key in an unwrapping call.

Specified by:

wrapKey in interface KeyManagementClient

Parameters:

key - a secret key being wrapped

wrappingKeyId - a key ID that represents a wrapping key stored in KMS

Returns:

wrapped key material

unwrapKey

public ByteBuffer unwrapKey(ByteBuffer wrappedKey,
 String wrappingKeyId)

Description copied from interface: KeyManagementClient

Unwrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID.

Specified by:

unwrapKey in interface KeyManagementClient

Parameters:

wrappedKey - wrapped key material (encrypted key and optional KMS metadata, returned by the wrapKey method)

wrappingKeyId - a key ID that represents a wrapping key stored in KMS

Returns:

raw key bytes