`password` field, it will target this field within the incoming Kafka record for encryption.

`keySecretId` specified in your configuration to ensure the correct key is utilized.

`keySecretId` provided in your Interceptor configuration and that’s stored in the header of the record, on the backing Kafka.

envelope encryption technique to encrypt data. Here are some key terms we’ll use:
Term | Definition |
---|---|
KMS | Key Management Service: A system responsible for managing and storing cryptographic keys, including the KEK. |
KEK | Key Encryption Key: A key stored in the KMS, used to encrypt the DEK. Notably, the KEK is never exposed to or known by the Interceptor. |
DEK | Data Encryption Key: A key generated by the Interceptor, used to encrypt the actual data. |
EDEK | Encrypted Data Encryption Key: The DEK that has been encrypted by the KEK, ensuring that the DEK remains secure when stored or transmitted. |
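
The flow these four terms describe, as an added example that is not the Interceptor's own code or part of the original page: a fresh DEK encrypts the `password` field, the KMS wraps it into an EDEK, and only the EDEK and `keySecretId` travel in the record headers. The in-memory KMS, AES-256-GCM, the `edek` header name, base64 encoding, the `password-kek` id and the sample record are all assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Hypothetical in-memory KMS: KEKs stay inside this closure and are never returned.
function makeKms(keySecretIds) {
  const keks = new Map(keySecretIds.map((id) => [id, crypto.randomBytes(32)]));
  const kek = (id) => {
    if (!keks.has(id)) throw new Error(`unknown keySecretId: ${id}`);
    return keks.get(id);
  };
  // wrap: DEK -> EDEK, unwrap: EDEK -> DEK; only the KMS touches the KEK.
  return { wrap: (id, dek) => seal(kek(id), dek), unwrap: (id, edek) => unseal(kek(id), edek) };
}

// AES-256-GCM with a fresh 12-byte nonce; output is nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Throws if the key is wrong or any byte of the sealed value was changed.
function unseal(key, sealed) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Produce side: a fresh DEK encrypts one field; the plaintext DEK is never stored.
function encryptField(kms, record, field, keySecretId) {
  const dek = crypto.randomBytes(32);
  const sealed = seal(dek, Buffer.from(record.value[field], "utf8"));
  const edek = kms.wrap(keySecretId, dek).toString("base64");
  return {
    value: { ...record.value, [field]: sealed.toString("base64") },
    headers: { ...record.headers, keySecretId, edek }, // header names are assumptions
  };
}

// Consume side: keySecretId header selects the KEK, the KMS unwraps the EDEK, the DEK decrypts.
function decryptField(kms, record, field) {
  const { keySecretId, edek } = record.headers;
  const dek = kms.unwrap(keySecretId, Buffer.from(edek, "base64"));
  const sealed = Buffer.from(record.value[field], "base64");
  return { ...record, value: { ...record.value, [field]: unseal(dek, sealed).toString("utf8") } };
}

// Constructed sample record (not real data); "password-kek" is a made-up keySecretId.
const sample = { value: { user: "alice", password: "s3cr3t-value" }, headers: {} };
```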