Package org.apache.iceberg.encryption
Interface EncryptionManager
-
- All Superinterfaces:
java.io.Serializable
- All Known Implementing Classes:
PlaintextEncryptionManager
,StandardEncryptionManager
public interface EncryptionManager extends java.io.Serializable
Module for encrypting and decrypting table data files.This must be serializable because an instance may be instantiated in one place and sent across the wire in some Iceberg integrations, notably Spark.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description default java.lang.Iterable<InputFile>
decrypt(java.lang.Iterable<EncryptedInputFile> encrypted)
Variant ofdecrypt(EncryptedInputFile)
that provides a sequence of files that all need to be decrypted in a single context.InputFile
decrypt(EncryptedInputFile encrypted)
Given anEncryptedInputFile.encryptedInputFile()
representing the raw encrypted bytes from the underlying file system, and given metadata about how the file was encrypted viaEncryptedInputFile.keyMetadata()
, return anInputFile
that returns decrypted input streams.default java.lang.Iterable<EncryptedOutputFile>
encrypt(java.lang.Iterable<OutputFile> rawOutput)
Variant ofencrypt(OutputFile)
that provides a sequence of files that all need to be encrypted in a single context.EncryptedOutputFile
encrypt(OutputFile rawOutput)
Given a handle on anOutputFile
that writes raw bytes to the underlying file system, return a bundle of anEncryptedOutputFile.encryptingOutputFile()
that writes encrypted bytes to the underlying file system, and theEncryptedOutputFile.keyMetadata()
that points to the encryption key that is being used to encrypt this file.
-
-
-
Method Detail
-
decrypt
InputFile decrypt(EncryptedInputFile encrypted)
Given anEncryptedInputFile.encryptedInputFile()
representing the raw encrypted bytes from the underlying file system, and given metadata about how the file was encrypted viaEncryptedInputFile.keyMetadata()
, return anInputFile
that returns decrypted input streams.
-
decrypt
default java.lang.Iterable<InputFile> decrypt(java.lang.Iterable<EncryptedInputFile> encrypted)
Variant ofdecrypt(EncryptedInputFile)
that provides a sequence of files that all need to be decrypted in a single context.By default this calls the single-file decryption method for each element in the iterator. Implementations can override this for a variety of optimizations. For example, an implementation can perform lookahead on the input iterator and fetch encryption keys in batch.
-
encrypt
EncryptedOutputFile encrypt(OutputFile rawOutput)
Given a handle on anOutputFile
that writes raw bytes to the underlying file system, return a bundle of anEncryptedOutputFile.encryptingOutputFile()
that writes encrypted bytes to the underlying file system, and theEncryptedOutputFile.keyMetadata()
that points to the encryption key that is being used to encrypt this file.
-
encrypt
default java.lang.Iterable<EncryptedOutputFile> encrypt(java.lang.Iterable<OutputFile> rawOutput)
Variant ofencrypt(OutputFile)
that provides a sequence of files that all need to be encrypted in a single context.By default this calls the single-file encryption method for each element in the iterator. Implementations can override this for a variety of optimizations. For example, an implementation can perform lookahead on the input iterator and fetch encryption keys in batch.
-
-