Interface EncryptionStorageManager

All Superinterfaces:
AutoCloseable, SafeCloseable
All Known Implementing Classes:
NoopEncryptionStorageManager

public interface EncryptionStorageManager extends SafeCloseable
Manages the storage of encrypted data at rest.
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    containsMetadata(byte[] key)
    Returns true if the specified key exists.
    void
    deleteObjectId(byte[] metadataKey, byte[] key)
    Deletes the specified keys.
    void
    deleteRepositoryData(String projectName, String repoName)
    Deletes all data related to the specified project and repository.
    boolean
    enabled()
    Returns true if encryption at rest is enabled.
    CompletableFuture<byte[]>
    generateWdek()
    Generates a new data encryption key (DEK) and wraps it.
    Map<String,Map<String,byte[]>>
    getAllData()
    Deprecated.
    Do not use this method for production code as it may return a large amount of data.
    SecretKeyWithVersion
    getCurrentDek(String projectName, String repoName)
    Returns the current wrapped data encryption key (WDEK) for the specified project and repository.
    SecretKey
    getDek(String projectName, String repoName, int version)
    Returns the data encryption key (DEK) for the specified project and repository.
    byte[]
    getMetadata(byte[] metadataKey)
    Returns the value of the specified metadata key.
    byte[]
    getObject(byte[] key, byte[] metadataKey)
    Returns the object associated with the specified key.
    byte[]
    getObjectId(byte[] key, byte[] metadataKey)
    Returns the object ID bytes associated with the specified key.
    Creates a new EncryptionStorageManager instance.
    static EncryptionStorageManager
    of(Path path)
    Creates a new EncryptionStorageManager instance.
    void
    putObject(byte[] metadataKey, byte[] metadataValue, byte[] key, byte[] value)
    Stores the specified key-value object with metadata.
    void
    putObjectId(byte[] metadataKey, byte[] metadataValue, byte[] key, byte[] value, byte[] previousKeyToRemove)
    Stores the specified key-value pair with metadata.
    void
    removeWdek(String projectName, String repoName)
    Removes the wrapped data encryption key (WDEK) for the specified project and repository.
    void
    storeWdek(String projectName, String repoName, byte[] wdek)
    Stores the wrapped data encryption key (WDEK) for the specified project and repository.

    Methods inherited from interface com.linecorp.armeria.common.util.SafeCloseable

    close
  • Method Details

    • of

      Creates a new EncryptionStorageManager instance.
    • of

      static EncryptionStorageManager of(Path path)
      Creates a new EncryptionStorageManager instance.
    • enabled

      boolean enabled()
      Returns true if encryption at rest is enabled.
    • generateWdek

      CompletableFuture<byte[]> generateWdek()
      Generates a new data encryption key (DEK) and wraps it.
    • getDek

      SecretKey getDek(String projectName, String repoName, int version)
      Returns the data encryption key (DEK) for the specified project and repository.
    • getCurrentDek

      SecretKeyWithVersion getCurrentDek(String projectName, String repoName)
      Returns the current wrapped data encryption key (WDEK) for the specified project and repository.
    • storeWdek

      void storeWdek(String projectName, String repoName, byte[] wdek)
      Stores the wrapped data encryption key (WDEK) for the specified project and repository. This raises an exception if the WDEK already exists.
    • removeWdek

      void removeWdek(String projectName, String repoName)
      Removes the wrapped data encryption key (WDEK) for the specified project and repository.
    • getObject

      @Nullable byte[] getObject(byte[] key, byte[] metadataKey)
      Returns the object associated with the specified key.
    • getObjectId

      @Nullable byte[] getObjectId(byte[] key, byte[] metadataKey)
      Returns the object ID bytes associated with the specified key.
    • getMetadata

      @Nullable byte[] getMetadata(byte[] metadataKey)
      Returns the value of the specified metadata key.
    • putObject

      void putObject(byte[] metadataKey, byte[] metadataValue, byte[] key, byte[] value)
      Stores the specified key-value object with metadata.
    • putObjectId

      void putObjectId(byte[] metadataKey, byte[] metadataValue, byte[] key, byte[] value, @Nullable byte[] previousKeyToRemove)
      Stores the specified key-value pair with metadata. The previousKeyToRemove will be removed.
    • containsMetadata

      boolean containsMetadata(byte[] key)
      Returns true if the specified key exists.
    • deleteObjectId

      void deleteObjectId(byte[] metadataKey, byte[] key)
      Deletes the specified keys.
    • deleteRepositoryData

      void deleteRepositoryData(String projectName, String repoName)
      Deletes all data related to the specified project and repository.
    • getAllData

      @Deprecated Map<String,Map<String,byte[]>> getAllData()
      Deprecated.
      Do not use this method for production code as it may return a large amount of data.
      Returns all data stored in the encryption storage manager.
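
The DEK/WDEK contract described by generateWdek, storeWdek and getDek can be modelled with the JDK alone. The following is an added example, not code from this project: the class name, the local KEK, the use of AES key wrap and the in-memory map are all assumptions made for illustration, and key versioning is left out.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added illustration: hypothetical in-memory model of the WDEK lifecycle, not the project's code.
public final class WdekLifecycleExample {
    private final SecretKey kek; // assumption: local AES-256 KEK; normally held in a KMS or HSM
    private final Map<String, byte[]> wdeks = new ConcurrentHashMap<>();
    WdekLifecycleExample(SecretKey kek) { this.kek = kek; }
    // Mirrors generateWdek(): create a fresh DEK and hand back only its wrapped form.
    byte[] generateWdek() throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        Cipher wrap = Cipher.getInstance("AESWrap"); // RFC 3394 AES key wrap
        wrap.init(Cipher.WRAP_MODE, kek);
        return wrap.wrap(gen.generateKey());
    }

    // Mirrors storeWdek(): refuse to overwrite, because data encrypted under the old DEK
    // could no longer be decrypted if its WDEK were silently replaced.
    void storeWdek(String project, String repo, byte[] wdek) {
        if (wdeks.putIfAbsent(project + '/' + repo, wdek.clone()) != null) {
            throw new IllegalStateException("WDEK already exists for " + project + '/' + repo);
        }
    }

    // Mirrors getDek(): unwrap on demand so that the plaintext DEK is never persisted.
    SecretKey getDek(String project, String repo) throws Exception {
        byte[] wdek = wdeks.get(project + '/' + repo);
        if (wdek == null) throw new IllegalStateException("no WDEK stored");
        Cipher unwrap = Cipher.getInstance("AESWrap");
        unwrap.init(Cipher.UNWRAP_MODE, kek);
        return (SecretKey) unwrap.unwrap(wdek, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        WdekLifecycleExample store = new WdekLifecycleExample(gen.generateKey());
        store.storeWdek("demo-project", "demo-repo", store.generateWdek());
        System.out.println("DEK bytes: " + store.getDek("demo-project", "demo-repo").getEncoded().length);
        try {
            store.storeWdek("demo-project", "demo-repo", store.generateWdek()); // must be rejected
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```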