> ## Documentation Index
> Fetch the complete documentation index at: https://docs.conduktor.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Removed Interceptors

> Documentation for Gateway Interceptors that have been removed in recent versions. For users running older Gateway versions.

<Warning>
  The Interceptors on this page have been removed from Gateway. They are no longer available in the versions listed below.
  If you are running an older version of Gateway, this page preserves the documentation that was previously available.
</Warning>

This page gathers documentation for Interceptors that have been removed from the Gateway codebase. Each section notes the Gateway version in which the Interceptor was removed.

If you're looking for current Interceptors, see the [Interceptor list](/guide/reference/interceptor-reference).

## JSONata transformer - produce (ProduceJsonataPlugin)

<Note>Removed in Gateway v3.19.0. Deprecated since Gateway v3.16.0.</Note>

Full plugin name: `io.conduktor.gateway.interceptor.ProduceJsonataPlugin`

Transformed message data on produce using [JSONata](https://jsonata.org/) expressions. Applied JSONata transformations to records before they were written to Kafka.

### Configuration

```json theme={null}
{
  "pluginClass": "io.conduktor.gateway.interceptor.ProduceJsonataPlugin",
  "priority": 100,
  "config": {
    "topic": ".*",
    "expression": "$sift($, function($v, $k) {$k != 'password' and $k != 'visa'})",
    "schemaRegistryConfig": {
      "host": "http://schema-registry:8081"
    },
    "jsonataConfig": {
      "cacheSize": 100,
      "timeoutMs": 60000,
      "maxDepth": 1000
    }
  }
}
```

### Configuration properties

| Property                  | Type    | Default | Description                                              |
| ------------------------- | ------- | ------- | -------------------------------------------------------- |
| `topic`                   | String  | `.*`    | Topics matching this regex have the Interceptor applied. |
| `expression`              | String  |         | The JSONata expression for transformation.               |
| `schemaRegistryConfig`    | Object  |         | Schema registry configuration.                           |
| `jsonataConfig.cacheSize` | Integer | `100`   | Cache size for JSONata expressions.                      |
| `jsonataConfig.timeoutMs` | Long    | `60000` | Max execution time in milliseconds.                      |
| `jsonataConfig.maxDepth`  | Integer | `1000`  | Limit for the number of recursive calls.                 |

## JSONata transformer - fetch (FetchJsonataPlugin)

<Note>Removed in Gateway v3.19.0. Deprecated since Gateway v3.16.0.</Note>

Full plugin name: `io.conduktor.gateway.interceptor.FetchJsonataPlugin`

Transformed message data on fetch/consume using [JSONata](https://jsonata.org/) expressions. Applied JSONata transformations to records as consumers read them through Gateway.

### Configuration

```json theme={null}
{
  "pluginClass": "io.conduktor.gateway.interceptor.FetchJsonataPlugin",
  "priority": 100,
  "config": {
    "topic": ".*",
    "expression": "$sift($, function($v, $k) {$k != 'password' and $k != 'visa'})",
    "schemaRegistryConfig": {
      "host": "http://schema-registry:8081"
    },
    "jsonataConfig": {
      "cacheSize": 100,
      "timeoutMs": 60000,
      "maxDepth": 1000
    }
  }
}
```

### Configuration properties

| Property                  | Type    | Default | Description                                              |
| ------------------------- | ------- | ------- | -------------------------------------------------------- |
| `topic`                   | String  | `.*`    | Topics matching this regex have the Interceptor applied. |
| `expression`              | String  |         | The JSONata expression for transformation.               |
| `schemaRegistryConfig`    | Object  |         | Schema registry configuration.                           |
| `jsonataConfig.cacheSize` | Integer | `100`   | Cache size for JSONata expressions.                      |
| `jsonataConfig.timeoutMs` | Long    | `60000` | Max execution time in milliseconds.                      |
| `jsonataConfig.maxDepth`  | Integer | `1000`  | Limit for the number of recursive calls.                 |

## Encrypt on consume (FetchEncryptPlugin)

<Note>Removed in Gateway v3.19.0. Deprecated since Gateway v3.16.0.</Note>

Full plugin name: `io.conduktor.gateway.interceptor.FetchEncryptPlugin`

Encrypted specific record fields or the entire payload during fetch/consume operations. Data stored in Kafka remained unencrypted — encryption was applied only when consumers read through Gateway.

The configuration properties were the same as the list-based [EncryptPlugin](/guide/reference/data-security#encryption-configuration).

**Recommended alternative:** Use [data masking policies](/guide/conduktor-in-production/admin/data-masking) or [EncryptPlugin](/guide/reference/data-security#encryption-interceptors) (on produce) instead.

### List-based encryption on consume

<Tabs>
  <Tab title="curl">
    ```bash theme={null}
    curl \
      --request PUT \
      --url 'http://localhost:8888/gateway/v2/interceptor' \
      --header 'Authorization: Basic YWRtaW46Y29uZHVrdG9y' \
      --header 'Content-Type: application/json' \
      --data-raw '{
      "name": "myEncryptPlugin",
      "pluginClass": "io.conduktor.gateway.interceptor.FetchEncryptPlugin",
      "priority": 100,
      "config": {
        "topic": ".*",
        "schemaRegistryConfig": {
          "host": "http://schema-registry:8081"
        },
        "kmsConfig": {
          "vault": {
            "uri": "http://vault:8200",
            "token": "vault-plaintext-root-token",
            "version": 1
          }
        },
        "recordValue": {
          "fields": [
            {
              "fieldName": "password",
              "keySecretId": "vault-kms://vault:8200/transit/keys/password-secret",
              "algorithm": "AES128_GCM"
            },
            {
              "fieldName": "visa",
              "keySecretId": "vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-visa-secret-{{record.key}}-{{record.value.username}}-{{record.value.education.account.accountId}}",
              "algorithm": "AES128_GCM"
            },
            {
              "fieldName": "education.account.username",
              "keySecretId": "vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-secret-key-account-username-{{record.topic}}",
              "algorithm": "AES128_GCM"
            }
          ]
        }
      }
    }'
    ```
  </Tab>

  <Tab title="Conduktor CLI">
    ```yaml theme={null}
    apiVersion: gateway/v2
    kind: Interceptor
    metadata:
      name: myEncryptPlugin
      scope:
        vCluster: passthrough
    spec:
      pluginClass: io.conduktor.gateway.interceptor.FetchEncryptPlugin
      priority: 100
      config:
        topic: ".*"
        schemaRegistryConfig:
          host: http://schema-registry:8081
        kmsConfig:
          vault:
            uri: http://vault:8200
            token: vault-plaintext-root-token
            version: 1
        recordValue:
          fields:
            - fieldName: password
              keySecretId: vault-kms://vault:8200/transit/keys/password-secret
              algorithm: AES128_GCM
            - fieldName: visa
              keySecretId: vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-visa-secret-{{record.key}}-{{record.value.username}}-{{record.value.education.account.accountId}}
              algorithm: AES128_GCM
            - fieldName: education.account.username
              keySecretId: vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-secret-key-account-username-{{record.topic}}
              algorithm: AES128_GCM
    ```

    Apply with:

    ```bash theme={null}
    conduktor apply -f encrypt-on-consume.yaml
    ```
  </Tab>
</Tabs>

### List-based encryption on consume with secured template

<Tabs>
  <Tab title="curl">
    ```bash theme={null}
    curl \
      --request PUT \
      --url 'http://localhost:8888/gateway/v2/interceptor' \
      --header 'Authorization: Basic YWRtaW46Y29uZHVrdG9y' \
      --header 'Content-Type: application/json' \
      --data-raw '{
      "name": "myEncryptPlugin",
      "pluginClass": "io.conduktor.gateway.interceptor.FetchEncryptPlugin",
      "priority": 100,
      "config": {
        "topic": ".*",
        "schemaRegistryConfig": {
          "host": "http://schema-registry:8081",
          "additionalConfigs": {
            "schema.registry.url": "${SR_URL}",
            "basic.auth.credentials.source": "${SR_BASIC_AUTH_CRED_SRC}",
            "basic.auth.user.info": "${SR_BASIC_AUTH_USER_INFO}"
          }
        },
        "kmsConfig": {
          "vault": {
            "uri": "https://vault:8200",
            "token": "${VAULT_TOKEN}",
            "trustStore": {
              "trustStorePath": "/security/truststore.jks"
            }
          }
        },
        "recordValue": {
          "fields": [
            {
              "fieldName": "password",
              "keySecretId": "vault-kms://vault:8200/transit/keys/password-secret",
              "algorithm": "AES128_GCM"
            },
            {
              "fieldName": "visa",
              "keySecretId": "vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-visa-secret-{{record.key}}-{{record.value.username}}-{{record.value.education.account.accountId}}",
              "algorithm": "AES128_GCM"
            },
            {
              "fieldName": "education.account.username",
              "keySecretId": "vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-secret-key-account-username-{{record.topic}}",
              "algorithm": "AES128_GCM"
            }
          ]
        }
      }
    }'
    ```
  </Tab>

  <Tab title="Conduktor CLI">
    ```yaml theme={null}
    apiVersion: gateway/v2
    kind: Interceptor
    metadata:
      name: myEncryptPlugin
      scope:
        vCluster: passthrough
    spec:
      pluginClass: io.conduktor.gateway.interceptor.FetchEncryptPlugin
      priority: 100
      config:
        topic: ".*"
        schemaRegistryConfig:
          host: http://schema-registry:8081
          additionalConfigs:
            schema.registry.url: $${SR_URL}
            basic.auth.credentials.source: $${SR_BASIC_AUTH_CRED_SRC}
            basic.auth.user.info: $${SR_BASIC_AUTH_USER_INFO}
        kmsConfig:
          vault:
            uri: http://vault:8200
            token: $${VAULT_TOKEN}
            version: 1
        recordValue:
          fields:
            - fieldName: password
              keySecretId: vault-kms://vault:8200/transit/keys/password-secret
              algorithm: AES128_GCM
            - fieldName: visa
              keySecretId: vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-visa-secret-{{record.key}}-{{record.value.username}}-{{record.value.education.account.accountId}}
              algorithm: AES128_GCM
            - fieldName: education.account.username
              keySecretId: vault-kms://vault:8200/transit/keys/{{record.header.test-header}}-secret-key-account-username-{{record.topic}}
              algorithm: AES128_GCM
    ```

    Apply with:

    ```bash theme={null}
    conduktor apply -f encrypt-on-consume-secured-template.yaml
    ```
  </Tab>
</Tabs>

## Encrypt on consume - schema based (FetchEncryptSchemaBasedPlugin)

<Note>Removed in Gateway v3.19.0. Deprecated since Gateway v3.16.0.</Note>

Full plugin name: `io.conduktor.gateway.interceptor.FetchEncryptSchemaBasedPlugin`

Encrypted fields tagged in a specified schema during fetch/consume operations. Data stored in Kafka remained unencrypted — encryption was applied only when consumers read through Gateway.

The configuration properties were the same as the schema-based [EncryptSchemaBasedPlugin](/guide/reference/data-security#encryption-configuration).

**Recommended alternative:** Use [data masking policies](/guide/conduktor-in-production/admin/data-masking) or [EncryptSchemaBasedPlugin](/guide/reference/data-security#encryption-interceptors) (on produce) instead.

### Schema-based encryption on consume

<Tabs>
  <Tab title="curl">
    ```bash theme={null}
    curl \
      --request PUT \
      --url 'http://localhost:8888/gateway/v2/interceptor' \
      --header 'Authorization: Basic YWRtaW46Y29uZHVrdG9y' \
      --header 'Content-Type: application/json' \
      --data-raw '{
      "name": "mySchemaBasedEncryptPlugin",
      "pluginClass": "io.conduktor.gateway.interceptor.FetchEncryptSchemaBasedPlugin",
      "priority": 100,
      "config": {
        "topic": ".*",
        "schemaRegistryConfig": {
          "host": "http://schema-registry:8081"
        },
        "kmsConfig": {
          "vault": {
            "uri": "https://vault:8200",
            "token": "vault-plaintext-root-token",
            "trustStore": {
              "trustStorePath": "/security/truststore.jks"
            }
          }
        },
        "defaultKeySecretId": "vault-kms://vault:8200/transit/keys/myDefaultKeySecret",
        "defaultAlgorithm": "AES128_EAX",
        "tags": ["PII", "ENCRYPTION"],
        "namespace": "conduktor."
      }
    }'
    ```
  </Tab>

  <Tab title="Conduktor CLI">
    ```yaml theme={null}
    apiVersion: gateway/v2
    kind: Interceptor
    metadata:
      name: mySchemaBasedEncryptPlugin
      scope:
        vCluster: passthrough
    spec:
      pluginClass: io.conduktor.gateway.interceptor.FetchEncryptSchemaBasedPlugin
      priority: 100
      config:
        topic: ".*"
        schemaRegistryConfig:
          host: http://schema-registry:8081
        kmsConfig:
          vault:
            uri: http://vault:8200
            token: vault-plaintext-root-token
            version: 1
        defaultKeySecretId: vault-kms://vault:8200/transit/keys/myDefaultKeySecret
        defaultAlgorithm: AES128_EAX
        tags:
          - PII
          - ENCRYPTION
        namespace: conduktor.
    ```

    Apply with:

    ```bash theme={null}
    conduktor apply -f schema-based-encrypt-on-consume.yaml
    ```
  </Tab>
</Tabs>
