Releases: hpgrahsl/kryptonite-for-kafka
Releases · hpgrahsl/kryptonite-for-kafka
Kryptonite for Kafka Version 0.4.2
Kryptonite for Kafka Version 0.4.1
Kryptonite for Kafka Version 0.4.0
1) features:
- brand new http api implemented based on Quarkus Funqy to offer kryptonite integration for languages / runtimes other than Java / JVM
- consistent configuration and integration to support Azure Key Vault for tink keyset storage in all three modules (UDF, SMT, HTTP API)
- consistent configuration and integration to support GCP Cloud KMS Keys for tink keyset encryption in all three modules (UDF, SMT, HTTP API)
2) maintenance:
- major refactoring of all functional tests for UDFs, SMT and HTTP API
3) breaking changes:
- most notably support for the "vanilla crypto" using plain JCE was removed in favor of doing all cryptography operations based on Tink
4) documentation:
- updated all READMEs with details about how to configure / use new features
- funqy-http-api documentation is here
What's Changed
- major refactor of tink integration including kms-based kek support by @hpgrahsl in #5
- add http api for kryptonite by @hpgrahsl in #6
- major tests refactoring by @hpgrahsl in #7
Full Changelog: v0.3.0...v0.4.0
Contributors
hpgrahsl
Assets 5
Kryptonite for Kafka Version 0.3.0
1) maintenance:
- updates for all major dependencies across modules
- renaming of selected packages
- add/adapt logging
- commonly used classes are pre-registered for kryo serialization
2) features:
- preliminary ksqlDB UDF support 🚀
3) documentation:
- adapt readme structure due to splitting the documentation into multiple files residing in the respective modules
- write basic documentation for stream processing support based on ksqlDB UDFs
- typos and other little corrections
- update download links to new versions of the pre-built jars
Kryptonite for Kafka Version 0.2.0
1) maintenance:
- restructure / rename mvn module and folders and bump version
- various dependency updates
- further code repackaging and class renaming
2) bug fixes:
- fix wrong config type for kms_config (string -> password)
3) features:
- change key source config and handling for remote / cloud KMS
- add prefetch support to KeyMaterialResolver and AzureKeyVault
- tink keyset is used for implicit key rotation support
- no need for key id in cipherfield smt decrypt config (part of payload meta data)
- azure key vault secrets based on tink keyset json spec
- major overhaul for google tink integration
- rewrite config based on tink keysets in JSON format
- add tink's AES GCM besides the 'native' JCE impl
- add deterministic mode using tink's AEAD AES SIV primitive
- improve functional test of CipherField SMT
4) documentation:
- typos and other little corrections
- mostly doc updates and a few minor changes
- adapt documentation to reflect changes w.r.t. tink integration
Kafka Connect Transform Kryptonite Version 0.1.1
Patch release of Kryptonite
NOTE: this is the last release before a larger code-base refactoring and major improvements including breaking changes
1) bugs fixed:
- null handling of struct type values with element mode for schema-aware records
- respects optional settings in accordance with original schema during schema redaction
- adapt element mode processing in schemaless record handler
2) initial poc support for externalizing keys
- add / adapt config settings for externalizing secret keys
- integrate with azure key vault for retrieving keys as secrets from the cloud during SMT configuration
3) documentation updates
Kafka Connect Transform Kryptonite Version 0.1.0
Initial release of Kryptonite
- it's a turn-key ready transformation (SMT) for Apache Kafka® Connect
- allows for configurable field-level 🔒 encryption/decryption 🔓 of connect records
- supports schemaless and schema-aware connect records