Interface KmsClient

All Known Implementing Classes: LocalWrapKmsClient

public interface KmsClient

Field Summary
Fields (Modifier and Type, Field):
static String KEY_ACCESS_TOKEN_DEFAULT
static String KMS_INSTANCE_ID_DEFAULT
static String KMS_INSTANCE_URL_DEFAULT

Method Summary
Methods (Modifier and Type, Method, Description):
void initialize(org.apache.hadoop.conf.Configuration configuration, String kmsInstanceID, String kmsInstanceURL, String accessToken)
    Pass configuration with KMS-specific parameters.
byte[] unwrapKey(String wrappedKey, String masterKeyIdentifier)
    Decrypts (unwraps) a key with the master key.
String wrapKey(byte[] keyBytes, String masterKeyIdentifier)
    Wraps a key - encrypts it with the master key, encodes the result and potentially adds KMS-specific metadata.

Field Detail

KMS_INSTANCE_ID_DEFAULT
static final String KMS_INSTANCE_ID_DEFAULT
See Also: Constant Field Values

KMS_INSTANCE_URL_DEFAULT
static final String KMS_INSTANCE_URL_DEFAULT
See Also: Constant Field Values

KEY_ACCESS_TOKEN_DEFAULT
static final String KEY_ACCESS_TOKEN_DEFAULT
See Also: Constant Field Values

Method Detail

initialize
void initialize(org.apache.hadoop.conf.Configuration configuration, String kmsInstanceID, String kmsInstanceURL, String accessToken) throws KeyAccessDeniedException
Pass configuration with KMS-specific parameters.
Parameters:
configuration - Hadoop configuration
kmsInstanceID - ID of the KMS instance handled by this KmsClient. Use the default value for KMS systems that don't work with multiple instances.
kmsInstanceURL - URL of the KMS instance handled by this KmsClient. Use the default value for KMS systems that don't work with URLs.
accessToken - KMS access (authorization) token. Use the default value for KMS systems that don't work with tokens.
Throws:
KeyAccessDeniedException - unauthorized to initialize the KMS client

wrapKey
String wrapKey(byte[] keyBytes, String masterKeyIdentifier) throws KeyAccessDeniedException
Wraps a key - encrypts it with the master key, encodes the result and potentially adds KMS-specific metadata. If your KMS client code throws runtime exceptions related to access/permission problems (such as Hadoop AccessControlException), catch them and throw the KeyAccessDeniedException.
Parameters:
keyBytes - key bytes to be wrapped
masterKeyIdentifier - a string that uniquely identifies the master key in a KMS instance
Returns:
wrapped key
Throws:
KeyAccessDeniedException - unauthorized to encrypt with the given master key

unwrapKey
byte[] unwrapKey(String wrappedKey, String masterKeyIdentifier) throws KeyAccessDeniedException
Decrypts (unwraps) a key with the master key. If your KMS client code throws runtime exceptions related to access/permission problems (such as Hadoop AccessControlException), catch them and throw the KeyAccessDeniedException.
Parameters:
wrappedKey - String produced by wrapKey operation
masterKeyIdentifier - a string that uniquely identifies the master key in a KMS instance
Returns:
unwrapped key bytes
Throws:
KeyAccessDeniedException - unauthorized to unwrap with the given master key
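
Example implementation (added here for illustration; not code from this page or from the project): an adapter that maps a KMS SDK's permission failures to KeyAccessDeniedException as the wrapKey and unwrapKey notes above require, and returns the wrapped key in String form. ExampleKmsClient, KmsBackend and connect are hypothetical names, SecurityException stands in for whatever runtime exception the SDK throws on denied access, and the import packages are assumed to be those of Apache Parquet's parquet-hadoop module, since this page does not state them.

```java
import java.util.Base64;
import org.apache.hadoop.conf.Configuration;
import org.apache.parquet.crypto.KeyAccessDeniedException;
import org.apache.parquet.crypto.keytools.KmsClient;
// Added example, not project code: adapts a hypothetical KMS SDK to KmsClient.
public abstract class ExampleKmsClient implements KmsClient {
  // Hypothetical SDK surface, assumed to throw SecurityException when access is denied.
  public interface KmsBackend {
    byte[] encrypt(String masterKeyId, byte[] plaintext, String token);
    byte[] decrypt(String masterKeyId, byte[] ciphertext, String token);
  }
  private KmsBackend backend;
  private String token;
  // Hypothetical hook: subclasses open the SDK connection.
  protected abstract KmsBackend connect(Configuration conf, String instanceId, String url);

  @Override
  public void initialize(Configuration configuration, String kmsInstanceID,
      String kmsInstanceURL, String accessToken) {
    // Assumption: this backend requires a token, so the placeholder default fails closed.
    if (accessToken == null || KEY_ACCESS_TOKEN_DEFAULT.equals(accessToken)) {
      throw new KeyAccessDeniedException("No KMS access token supplied");
    }
    try {
      backend = connect(configuration, kmsInstanceID, kmsInstanceURL);
    } catch (SecurityException e) {
      throw new KeyAccessDeniedException("Not authorized to initialize KMS client", e);
    }
    token = accessToken;
  }

  @Override
  public String wrapKey(byte[] keyBytes, String masterKeyIdentifier) {
    try { // Base64 gives the String form that unwrapKey later receives.
      return Base64.getEncoder().encodeToString(backend.encrypt(masterKeyIdentifier, keyBytes, token));
    } catch (SecurityException e) { // name the master key only, never the token or key bytes
      throw new KeyAccessDeniedException("Not authorized to wrap with " + masterKeyIdentifier, e);
    }
  }

  @Override
  public byte[] unwrapKey(String wrappedKey, String masterKeyIdentifier) {
    try {
      return backend.decrypt(masterKeyIdentifier, Base64.getDecoder().decode(wrappedKey), token);
    } catch (SecurityException e) {
      throw new KeyAccessDeniedException("Not authorized to unwrap with " + masterKeyIdentifier, e);
    }
  }
}
```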