the message is encrypted on kafka connect and will be decrypted on FE side using same key.
Global Key
Add configuration client.channel.cipher.key
the value is text that already hash and Base64 encode
Per Customer Key
need create custom FQCN
example PR :
note : this PR is old branch, avro schema is not supported in here
https://github.com/ably/kafka-connect-ably/pull/70
example custom implementation.
example config
{
"connector.class": "com.ably.kafka.connect.ChannelSinkConnector",
"tasks.max": "3",
"group.id": "ably-connect-cluster",
"topics": "mytopic",
"client.id": "Ably-Kafka-Connector",
"channel": "customer",
"message.name": "#{topic}",
"client.key": "",
"errors.tolerance": "all",
"errors.log.enable": true,
"errors.deadletterqueue.topic.name": "topic_dlq",
"errors.deadletterqueue.context.headers.enable": true,
"errors.deadletterqueue.topic.replication.factor": 1,
"client.channel.cipher.key.class" : "com.ably.kafka.connect.config.DefaultCipherConfig",
"client.loglevel": 7
}
FE SIDE
need add key before attach to the channel.
final key = await _hash(secret, salt, length);
final RealtimeChannelOptions channelOptions =
await RealtimeChannelOptions.withCipherKey(key);
await channel.setOptions(channelOptions);
await channel.attach();
Result
We can generate per customer encryption key but at this moment connector does not have caching mechanism. Generate encryption key based on certain kafka header (customerId) and topic is expensive process. We need others solution for per customer key encryption.
