Interface KmsClient

All Superinterfaces:
Serializable

@Deprecated public interface KmsClient extends Serializable
Deprecated.
The API will be removed in v2.0.0 (replaced with the KeyManagementClient interface).
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static class
    KmsClient.KeyGenerationResult
    Deprecated.
    For KMS systems that support key generation, this class keeps the key generation result: the raw secret key and its wrap.
  • Method Summary

    Modifier and Type
    Method
    Description
    default KmsClient.KeyGenerationResult
    generateKey(String wrappingKeyId)
    Deprecated.
    Generate a new secret key in the KMS server, and wrap it using a wrapping/master key which is stored in KMS and referenced by an ID.
    void
    initialize(Map<String,String> properties)
    Deprecated.
    Initialize the KMS client with the given properties.
    default boolean
    supportsKeyGeneration()
    Deprecated.
    Some KMS systems support generation of secret keys inside the KMS server.
    ByteBuffer
    unwrapKey(String wrappedKey, String wrappingKeyId)
    Deprecated.
    Unwrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID.
    String
    wrapKey(ByteBuffer key, String wrappingKeyId)
    Deprecated.
    Wrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID.
  • Method Details

    • wrapKey

      String wrapKey(ByteBuffer key, String wrappingKeyId)
      Deprecated.
      Wrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID. Wrapping means encryption of the secret key with the master key, and adding optional KMS-specific metadata that allows the KMS to decrypt the secret key in an unwrapping call.
      Parameters:
      key - a secret key being wrapped
      wrappingKeyId - a key ID that represents a wrapping key stored in KMS
      Returns:
      wrapped key material
    • supportsKeyGeneration

      default boolean supportsKeyGeneration()
      Deprecated.
      Some KMS systems support generation of secret keys inside the KMS server.
      Returns:
      true if the KMS server supports key generation and the KmsClient implementation wants to use this capability. Otherwise, return false; Iceberg will then generate secret keys locally (using the SecureRandom mechanism) and call wrapKey(ByteBuffer, String) to wrap them in KMS.
    • generateKey

      default KmsClient.KeyGenerationResult generateKey(String wrappingKeyId)
      Deprecated.
      Generate a new secret key in the KMS server, and wrap it using a wrapping/master key which is stored in KMS and referenced by an ID. This method will be called only if supportsKeyGeneration returns true.
      Parameters:
      wrappingKeyId - a key ID that represents a wrapping key stored in KMS
      Returns:
      key in two forms: raw, and wrapped with the given wrappingKeyId
    • unwrapKey

      ByteBuffer unwrapKey(String wrappedKey, String wrappingKeyId)
      Deprecated.
      Unwrap a secret key, using a wrapping/master key which is stored in KMS and referenced by an ID.
      Parameters:
      wrappedKey - wrapped key material (encrypted key and optional KMS metadata, returned by the wrapKey method)
      wrappingKeyId - a key ID that represents a wrapping key stored in KMS
      Returns:
      raw key bytes
    • initialize

      void initialize(Map<String,String> properties)
      Deprecated.
      Initialize the KMS client with the given properties.
      Parameters:
      properties - KMS client properties
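
The wrapKey/unwrapKey contract described above, as an added example that is not Iceberg's code: a test-only, in-memory class that mirrors the method signatures using the JDK alone, so it does not declare `implements KmsClient`. The class name, the property layout (key ID mapped to a base64 AES key), the AES-GCM wrapping with the nonce as the "KMS-specific metadata", and the checked exceptions are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical test-only stand-in for a KMS: master keys sit in process memory.
public class InMemoryKmsSketch {
  private static final SecureRandom RANDOM = new SecureRandom();
  private Map<String, String> props; // assumed layout: wrappingKeyId -> base64 AES master key

  public void initialize(Map<String, String> properties) { this.props = properties; }

  public String wrapKey(ByteBuffer key, String wrappingKeyId) throws GeneralSecurityException {
    byte[] nonce = new byte[12];
    RANDOM.nextBytes(nonce); // fresh nonce per wrap; GCM breaks if one repeats under a key
    byte[] raw = new byte[key.remaining()];
    key.duplicate().get(raw); // duplicate() leaves the caller's buffer position untouched
    byte[] ct = cipher(Cipher.ENCRYPT_MODE, wrappingKeyId, nonce).doFinal(raw);
    // Wrapped form = metadata (nonce) + ciphertext and tag, base64 for the String return type.
    return Base64.getEncoder().encodeToString(
        ByteBuffer.allocate(12 + ct.length).put(nonce).put(ct).array());
  }
  public ByteBuffer unwrapKey(String wrappedKey, String wrappingKeyId) throws GeneralSecurityException {
    byte[] blob = Base64.getDecoder().decode(wrappedKey);
    // doFinal throws AEADBadTagException if the blob or the key ID was altered.
    return ByteBuffer.wrap(cipher(Cipher.DECRYPT_MODE, wrappingKeyId, blob).doFinal(blob, 12, blob.length - 12));
  }
  private Cipher cipher(int mode, String id, byte[] nonceSource) throws GeneralSecurityException {
    String b64 = props.get(id);
    if (b64 == null) throw new IllegalArgumentException("unknown wrapping key ID: " + id);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(mode, new SecretKeySpec(Base64.getDecoder().decode(b64), "AES"),
        new GCMParameterSpec(128, nonceSource, 0, 12)); // nonce = first 12 bytes
    c.updateAAD(id.getBytes(StandardCharsets.UTF_8)); // binds the blob to this key ID
    return c;
  }
  public static void main(String[] args) throws Exception {
    byte[] master = new byte[32], dek = new byte[16];
    RANDOM.nextBytes(master);
    RANDOM.nextBytes(dek); // local generation: the supportsKeyGeneration() == false path
    InMemoryKmsSketch kms = new InMemoryKmsSketch();
    kms.initialize(Map.of("k1", Base64.getEncoder().encodeToString(master)));
    String wrapped = kms.wrapKey(ByteBuffer.wrap(dek), "k1");
    System.out.println("round trip ok: " + kms.unwrapKey(wrapped, "k1").equals(ByteBuffer.wrap(dek)));
  }
}
```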