Interface EncryptionStorageManager

All Superinterfaces:
AutoCloseable, SafeCloseable
All Known Implementing Classes:
NoopEncryptionStorageManager

public interface EncryptionStorageManager extends SafeCloseable
Manages the storage of encrypted data at rest.
  • Method Details

    • of

      Creates a new EncryptionStorageManager instance.
    • of

      static EncryptionStorageManager of(Path path, boolean encryptSessionCookie)
      Creates a new EncryptionStorageManager instance.
    • enabled

      boolean enabled()
      Returns true if encryption at rest is enabled.
    • encryptSessionCookie

      boolean encryptSessionCookie()
      Returns true if the session cookie should be encrypted.
    • generateWdek

      CompletableFuture<byte[]> generateWdek()
      Generates a new data encryption key (DEK) and wraps it.
    • generateSessionMasterKey

      CompletableFuture<SessionMasterKey> generateSessionMasterKey()
      Generates a new session master key.
    • storeSessionMasterKey

      void storeSessionMasterKey(SessionMasterKey sessionMasterKey)
      Stores the session master key.
    • getCurrentSessionKey

      CompletableFuture<SessionKey> getCurrentSessionKey()
      Returns the current session key.
    • getDek

      SecretKey getDek(String projectName, String repoName, int version)
      Returns the data encryption key (DEK) for the specified project and repository.
    • getCurrentDek

      SecretKeyWithVersion getCurrentDek(String projectName, String repoName)
      Returns the current wrapped data encryption key (WDEK) for the specified project and repository.
    • storeWdek

      void storeWdek(String projectName, String repoName, byte[] wdek)
      Stores the wrapped data encryption key (WDEK) for the specified project and repository. This raises an exception if the WDEK already exists.
    • removeWdek

      void removeWdek(String projectName, String repoName)
      Removes the wrapped data encryption key (WDEK) for the specified project and repository.
    • getObject

      @Nullable byte[] getObject(byte[] key, byte[] metadataKey)
      Returns the object associated with the specified key.
    • getObjectId

      @Nullable byte[] getObjectId(byte[] key, byte[] metadataKey)
      Returns the object ID bytes associated with the specified key.
    • getMetadata

      @Nullable byte[] getMetadata(byte[] metadataKey)
      Returns the value of the specified metadata key.
    • putObject

      void putObject(byte[] metadataKey, byte[] metadataValue, byte[] key, byte[] value)
      Stores the specified key-value object with metadata.
    • putObjectId

      void putObjectId(byte[] metadataKey, byte[] metadataValue, byte[] key, byte[] value, @Nullable byte[] previousKeyToRemove)
      Stores the specified key-value pair with metadata. The previousKeyToRemove will be removed.
    • containsMetadata

      boolean containsMetadata(byte[] key)
      Returns true if the specified key exists.
    • deleteObjectId

      void deleteObjectId(byte[] metadataKey, byte[] key)
      Deletes the specified keys.
    • deleteRepositoryData

      void deleteRepositoryData(String projectName, String repoName)
      Deletes all data related to the specified project and repository.
    • getAllData

      @Deprecated Map<String,Map<String,byte[]>> getAllData()
      Deprecated. Do not use this method in production code, as it may return a large amount of data.
      Returns all data stored in the encryption storage manager.