This repository provides several demos of the Confluent Cloud feature Client-Side Field Level Encryption.
Each folder contains a step-by-step guide for a different key management service (KMS):

| Scenario | Key Vault | KEK shared | 
|---|---|---|
| Azure | Azure Key Vault | no | 
| HashiCorp | HashiCorp Vault | no | 
| AWS | AWS Key Management Service | no | 
| GCP | GCP Key Management Service | no | 
| AWS - Shared | AWS Key Management Service | yes | 
| Azure - SM Connect | Azure Key Vault | no | 

Prerequisites:

- A Confluent Cloud cluster with the Advanced Stream Governance package
- For clients, Confluent Platform 7.4.2 or 7.5.1 is required.

We will produce personal data to Confluent Cloud in the following form:

```json
{
    "id": "0",
    "name": "Anna",
    "birthday": "1993-08-01",
    "timestamp": "2023-10-07T19:54:21.884Z"
}
```

However, we set up the producer configuration so that the `birthday` field is encrypted.
We then start a consumer with the corresponding configuration to decrypt the field again.
To keep the scenario realistic, we do not produce and consume via the CLI but develop a producer and a consumer application in Kotlin.
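
The following Kotlin sketch is an added illustration, not code from this repository and not Confluent's serializer: it shows the KEK / data-key split behind field-level encryption on the sample record above. Assumptions: a local AES key stands in for the KEK held in the KMS, a plain map stands in for the serialized record, and AES-256-GCM and the helper names `seal`/`unseal` are chosen for the example.

```kotlin
import java.security.SecureRandom
import java.util.Base64
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec

private val rng = SecureRandom()

private fun newAesKey(): SecretKey =
    KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()

// AES-256-GCM; output is nonce || ciphertext+tag, with a context label bound as AAD.
private fun seal(key: SecretKey, plain: ByteArray, aad: String): ByteArray {
    val nonce = ByteArray(12).also(rng::nextBytes)
    val c = Cipher.getInstance("AES/GCM/NoPadding")
    c.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(128, nonce))
    c.updateAAD(aad.toByteArray())
    return nonce + c.doFinal(plain)
}

// Throws AEADBadTagException if the key, the AAD or the ciphertext does not match.
private fun unseal(key: SecretKey, blob: ByteArray, aad: String): ByteArray {
    val c = Cipher.getInstance("AES/GCM/NoPadding")
    c.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, blob, 0, 12))
    c.updateAAD(aad.toByteArray())
    return c.doFinal(blob, 12, blob.size - 12)
}

fun main() {
    val kek = newAesKey()                          // assumption: stands in for the KMS-held KEK
    val dek = newAesKey()                          // data key that encrypts the field
    val wrappedDek = seal(kek, dek.encoded, "dek") // only the wrapped DEK is stored or shared

    // Producer side: only the sensitive field is replaced by ciphertext.
    val record = mutableMapOf("id" to "0", "name" to "Anna",
        "birthday" to "1993-08-01", "timestamp" to "2023-10-07T19:54:21.884Z")
    val sealed = seal(dek, record.getValue("birthday").toByteArray(), "birthday")
    record["birthday"] = Base64.getEncoder().encodeToString(sealed)
    println("on the topic: $record")

    // Consumer with KEK access: unwrap the DEK, then decrypt the field.
    val dek2 = SecretKeySpec(unseal(kek, wrappedDek, "dek"), "AES")
    val blob = Base64.getDecoder().decode(record.getValue("birthday"))
    println("authorized consumer: birthday=${String(unseal(dek2, blob, "birthday"))}")

    // Consumer without the right KEK cannot unwrap the DEK (GCM tag check fails).
    val blocked = runCatching { unseal(newAesKey(), wrappedDek, "dek") }.isFailure
    println("consumer without KEK access blocked: $blocked")
}
```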