Package org.apache.iceberg.encryption
Class StandardEncryptionManager
java.lang.Object
org.apache.iceberg.encryption.StandardEncryptionManager
- All Implemented Interfaces:
Serializable,EncryptionManager
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionStandardEncryptionManager(String tableKeyId, int dataKeyLength, KeyManagementClient kmsClient) Deprecated.will be removed in 1.12.0.StandardEncryptionManager(List<EncryptedKey> keys, String tableKeyId, int dataKeyLength, KeyManagementClient kmsClient) -
Method Summary
Modifier and TypeMethodDescriptionaddManifestListKeyMetadata(NativeEncryptionKeyMetadata keyMetadata) decrypt(Iterable<EncryptedInputFile> encrypted) Variant ofEncryptionManager.decrypt(EncryptedInputFile)that provides a sequence of files that all need to be decrypted in a single context.decrypt(EncryptedInputFile encrypted) Given anEncryptedInputFile.encryptedInputFile()representing the raw encrypted bytes from the underlying file system, and given metadata about how the file was encrypted viaEncryptedInputFile.keyMetadata(), return anInputFilethat returns decrypted input streams.encrypt(OutputFile plainOutput) Given a handle on anOutputFilethat writes raw bytes to the underlying file system, return a bundle of anEncryptedOutputFile.encryptingOutputFile()that writes encrypted bytes to the underlying file system, and theEncryptedOutputFile.keyMetadata()that points to the encryption key that is being used to encrypt this file.unwrapKey(ByteBuffer wrappedSecretKey) Deprecated.will be removed in 1.12.0.wrapKey(ByteBuffer secretKey) Deprecated.will be removed in 1.12.0.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.apache.iceberg.encryption.EncryptionManager
encrypt
-
Constructor Details
-
StandardEncryptionManager
@Deprecated public StandardEncryptionManager(String tableKeyId, int dataKeyLength, KeyManagementClient kmsClient) Deprecated.will be removed in 1.12.0. -
StandardEncryptionManager
public StandardEncryptionManager(List<EncryptedKey> keys, String tableKeyId, int dataKeyLength, KeyManagementClient kmsClient) - Parameters:
keys- encryption keys from table metadatatableKeyId- table encryption key iddataKeyLength- length of data encryption key (16/24/32 bytes)kmsClient- Client of KMS used to wrap/unwrap keys in envelope encryption
-
-
Method Details
-
encrypt
Description copied from interface:EncryptionManagerGiven a handle on anOutputFilethat writes raw bytes to the underlying file system, return a bundle of anEncryptedOutputFile.encryptingOutputFile()that writes encrypted bytes to the underlying file system, and theEncryptedOutputFile.keyMetadata()that points to the encryption key that is being used to encrypt this file.- Specified by:
encryptin interfaceEncryptionManager
-
decrypt
Description copied from interface:EncryptionManagerGiven anEncryptedInputFile.encryptedInputFile()representing the raw encrypted bytes from the underlying file system, and given metadata about how the file was encrypted viaEncryptedInputFile.keyMetadata(), return anInputFilethat returns decrypted input streams.- Specified by:
decryptin interfaceEncryptionManager
-
decrypt
Description copied from interface:EncryptionManagerVariant ofEncryptionManager.decrypt(EncryptedInputFile)that provides a sequence of files that all need to be decrypted in a single context.By default this calls the single-file decryption method for each element in the iterator. Implementations can override this for a variety of optimizations. For example, an implementation can perform lookahead on the input iterator and fetch encryption keys in batch.
- Specified by:
decryptin interfaceEncryptionManager
-
wrapKey
Deprecated.will be removed in 1.12.0. -
unwrapKey
Deprecated.will be removed in 1.12.0. -
addManifestListKeyMetadata
-