Skip to content
/ csfle Public

Repository for CC client-side field level encryption

7 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pneff93/csfle

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
aws
aws
 
 
aws_shared_kek
aws_shared_kek
 
 
azure
azure
 
 
gcp
gcp
 
 
hashicorp
hashicorp
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Client-Side Field Level Encryption (CSFLE)

This repository provides several demos of the Confluent Cloud feature Client-Side Field Level Encryption.

It covers step-by-step guidelines for different KMS via folders:

Scenario Key Vault KEK shared
Azure Azure Key Vault no
HashiCorp HashiCorp Vault no
AWS AWS Key Management Service no
GCP GCP Key Management Service no
AWS - Shared AWS Key Management Service yes

Prerequisites

  • Confluent Cloud cluster with Advanced Stream Governance package
  • For clients, Confluent Platform 7.4.2 or 7.5.1 are required.

Goal

We will produce personal data to Confluent Cloud in the following form

{
    "id": "0",
    "name": "Anna",
    "birthday": "1993-08-01",
    "timestamp": "2023-10-07T19:54:21.884Z"
}

However, we set up the corresponding configurations to encrypt the birthday field. We then start a consumer with the corresponding configurations to decrypt the field again.

In order to have a realistic scenario, we do not produce and consume via the CLI but develop a producer and consumer application with Kotlin.

About

Repository for CC client-side field level encryption

Topics

encryption kafka hashicorp-vault confluent-cloud aws-secrets-manager gcp-secret-manager azure-vault

Resources

Readme
Activity

Stars

7 stars

Watchers

2 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages