Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.conduktor.io/llms.txt

Use this file to discover all available pages before exploring further.

The Interceptors on this page have been removed from Gateway. They are no longer available in the versions listed below. If you are running an older version of Gateway, this page preserves the documentation that was previously available.
This page gathers documentation for Interceptors that have been removed from the Gateway codebase. Each section notes the Gateway version in which the Interceptor was removed. If you’re looking for current Interceptors, see the Interceptor list.

JSONata transformer - produce (ProduceJsonataPlugin)

Removed in Gateway v3.19.0. Deprecated since Gateway v3.16.0.
Full plugin name: io.conduktor.gateway.interceptor.ProduceJsonataPlugin Transformed message data on produce using JSONata expressions. Applied JSONata transformations to records before they were written to Kafka.

Configuration

{
  "pluginClass": "io.conduktor.gateway.interceptor.ProduceJsonataPlugin",
  "priority": 100,
  "config": {
    "topic": ".*",
    "expression": "$sift($, function($v, $k) {$k != 'password' and $k != 'visa'})",
    "schemaRegistryConfig": {
      "host": "http://schema-registry:8081"
    },
    "jsonataConfig": {
      "cacheSize": 100,
      "timeoutMs": 60000,
      "maxDepth": 1000
    }
  }
}

Configuration properties

PropertyTypeDefaultDescription
topicString.*Topics matching this regex have the Interceptor applied.
expressionStringThe JSONata expression for transformation.
schemaRegistryConfigObjectSchema registry configuration.
jsonataConfig.cacheSizeInteger100Cache size for JSONata expressions.
jsonataConfig.timeoutMsLong60000Max execution time in milliseconds.
jsonataConfig.maxDepthInteger1000Limit for the number of recursive calls.

JSONata transformer - fetch (FetchJsonataPlugin)

Removed in Gateway v3.19.0. Deprecated since Gateway v3.16.0.
Full plugin name: io.conduktor.gateway.interceptor.FetchJsonataPlugin Transformed message data on fetch/consume using JSONata expressions. Applied JSONata transformations to records as consumers read them through Gateway.

Configuration

{
  "pluginClass": "io.conduktor.gateway.interceptor.FetchJsonataPlugin",
  "priority": 100,
  "config": {
    "topic": ".*",
    "expression": "$sift($, function($v, $k) {$k != 'password' and $k != 'visa'})",
    "schemaRegistryConfig": {
      "host": "http://schema-registry:8081"
    },
    "jsonataConfig": {
      "cacheSize": 100,
      "timeoutMs": 60000,
      "maxDepth": 1000
    }
  }
}

Configuration properties

PropertyTypeDefaultDescription
topicString.*Topics matching this regex have the Interceptor applied.
expressionStringThe JSONata expression for transformation.
schemaRegistryConfigObjectSchema registry configuration.
jsonataConfig.cacheSizeInteger100Cache size for JSONata expressions.
jsonataConfig.timeoutMsLong60000Max execution time in milliseconds.
jsonataConfig.maxDepthInteger1000Limit for the number of recursive calls.

Encrypt on consume (FetchEncryptPlugin)

Removed in Gateway v3.19.0. Deprecated since Gateway v3.16.0.
Full plugin name: io.conduktor.gateway.interceptor.FetchEncryptPlugin Encrypted specific record fields or the entire payload during fetch/consume operations. Data stored in Kafka remained unencrypted — encryption was applied only when consumers read through Gateway. The configuration properties were the same as the list-based EncryptPlugin. Recommended alternative: Use data masking policies or EncryptPlugin (on produce) instead.

List-based encryption on consume

curl \
  --request PUT \
  --url 'http://localhost:8888/gateway/v2/interceptor' \
  --header 'Authorization: Basic YWRtaW46Y29uZHVrdG9y' \
  --header 'Content-Type: application/json' \
  --data-raw '{
  "name": "myEncryptPlugin",
  "pluginClass": "io.conduktor.gateway.interceptor.FetchEncryptPlugin",
  "priority": 100,
  "config": {
    "topic": ".*",
    "schemaRegistryConfig": {
      "host": "http://schema-registry:8081"
    },
    "kmsConfig": {
      "vault": {
        "uri": "http://vault:8200",
        "token": "vault-plaintext-root-token",
        "version": 1
      }
    },
    "recordValue": {
      "fields": [
        {
          "fieldName": "password",
          "keySecretId": "vault-kms://vault:8200/transit/keys/password-secret",
          "algorithm": "AES128_GCM"
        },
        {
          "fieldName": "visa",
          "keySecretId": "vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-visa-secret-{{record.key}}-{{record.value.username}}-{{record.value.education.account.accountId}}",
          "algorithm": "AES128_GCM"
        },
        {
          "fieldName": "education.account.username",
          "keySecretId": "vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-secret-key-account-username-{{record.topic}}",
          "algorithm": "AES128_GCM"
        }
      ]
    }
  }
}'

List-based encryption on consume with secured template

curl \
  --request PUT \
  --url 'http://localhost:8888/gateway/v2/interceptor' \
  --header 'Authorization: Basic YWRtaW46Y29uZHVrdG9y' \
  --header 'Content-Type: application/json' \
  --data-raw '{
  "name": "myEncryptPlugin",
  "pluginClass": "io.conduktor.gateway.interceptor.FetchEncryptPlugin",
  "priority": 100,
  "config": {
    "topic": ".*",
    "schemaRegistryConfig": {
      "host": "http://schema-registry:8081",
      "additionalConfigs": {
        "schema.registry.url": "${SR_URL}",
        "basic.auth.credentials.source": "${SR_BASIC_AUTH_CRED_SRC}",
        "basic.auth.user.info": "${SR_BASIC_AUTH_USER_INFO}"
      }
    },
    "kmsConfig": {
      "vault": {
        "uri": "https://vault:8200",
        "token": "${VAULT_TOKEN}",
        "trustStore": {
          "trustStorePath": "/security/truststore.jks"
        }
      }
    },
    "recordValue": {
      "fields": [
        {
          "fieldName": "password",
          "keySecretId": "vault-kms://vault:8200/transit/keys/password-secret",
          "algorithm": "AES128_GCM"
        },
        {
          "fieldName": "visa",
          "keySecretId": "vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-visa-secret-{{record.key}}-{{record.value.username}}-{{record.value.education.account.accountId}}",
          "algorithm": "AES128_GCM"
        },
        {
          "fieldName": "education.account.username",
          "keySecretId": "vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-secret-key-account-username-{{record.topic}}",
          "algorithm": "AES128_GCM"
        }
      ]
    }
  }
}'

Encrypt on consume - schema based (FetchEncryptSchemaBasedPlugin)

Removed in Gateway v3.19.0. Deprecated since Gateway v3.16.0.
Full plugin name: io.conduktor.gateway.interceptor.FetchEncryptSchemaBasedPlugin Encrypted fields tagged in a specified schema during fetch/consume operations. Data stored in Kafka remained unencrypted — encryption was applied only when consumers read through Gateway. The configuration properties were the same as the schema-based EncryptSchemaBasedPlugin. Recommended alternative: Use data masking policies or EncryptSchemaBasedPlugin (on produce) instead.

Schema-based encryption on consume

curl \
  --request PUT \
  --url 'http://localhost:8888/gateway/v2/interceptor' \
  --header 'Authorization: Basic YWRtaW46Y29uZHVrdG9y' \
  --header 'Content-Type: application/json' \
  --data-raw '{
  "name": "mySchemaBasedEncryptPlugin",
  "pluginClass": "io.conduktor.gateway.interceptor.FetchEncryptSchemaBasedPlugin",
  "priority": 100,
  "config": {
    "topic": ".*",
    "schemaRegistryConfig": {
      "host": "http://schema-registry:8081"
    },
    "kmsConfig": {
      "vault": {
        "uri": "https://vault:8200",
        "token": "vault-plaintext-root-token",
        "trustStore": {
          "trustStorePath": "/security/truststore.jks"
        }
      }
    },
    "defaultKeySecretId": "vault-kms://vault:8200/transit/keys/myDefaultKeySecret",
    "defaultAlgorithm": "AES128_EAX",
    "tags": ["PII", "ENCRYPTION"],
    "namespace": "conduktor."
  }
}'